Editing EFF DES cracker

{{Short description|Cryptographic hardware}}
{{Use mdy dates|date=June 2015}}
[[Image:Board300.jpg|thumbnail|right|upright=1.2|The [[Electronic Frontier Foundation|EFF]]'s US$250,000 DES cracking machine contained 1,856 custom chips and could [[brute-force attack|brute force]] a DES [[key (cryptography)|key]] in a matter of days — the photo shows a two-sided DES Cracker circuit board fitted with 64 Deep Crack chips]] [[Image:Chip300.jpg|thumbnail|right|The EFF's DES cracker "Deep Crack" custom microchip]]
In [[cryptography]], the '''EFF DES cracker''' (nicknamed "'''Deep Crack'''") is a machine built by the [[Electronic Frontier Foundation]] (EFF) in 1998, to perform a [[brute force attack|brute force]] search of the [[Data Encryption Standard]] (DES) cipher's [[Key space (cryptography)|key space]] – that is, to decrypt an encrypted message by trying every possible key. The aim in doing this was to prove that the [[key size]] of DES was not sufficient to be secure.

Detailed technical data of this machine, including [[block diagram|block diagrams]], [[circuit schematics]], [[VHDL]] source code of the custom chips and its [[emulator]], have all been published in the book ''Cracking DES''. Its [[public domain license]] allows [[Open-source_hardware|everyone to freely copy, use, or modify its design]]. To avoid the [[Export of cryptography from the United States|export regulation on cryptography by the US Government]], the [[source code]] was distributed not in electronic form but as a hardcopy book, of which the open publication is protected by the [[First Amendment]]. Machine-readable metadata is provided to facilitate the transcription of the code into a computer via [[Optical Character Recognition|OCR]] by readers.<ref name="crackingdes">{{cite book|title=Cracking DES - Secrets of Encryption Research, Wiretap Politics & Chip Design|author=Electronic Frontier Foundation|isbn=1-56592-520-3|publisher=Oreilly & Associates Inc|year=1998|url=http://cryptome.org/jya/cracking-des/cracking-des.htm|access-date=2016-10-30|archive-date=2013-10-17|archive-url=https://web.archive.org/web/20131017055750/http://cryptome.org/jya/cracking-des/cracking-des.htm}}</ref>

==Background==
DES uses a 56-bit [[Key size|key]], meaning that there are 2<sup>56</sup> possible keys under which a message can be encrypted. This is exactly 72,057,594,037,927,936, or approximately 72 [[Orders of magnitude (numbers)#1015|quadrillion]] possible keys.  One of the major criticisms of DES, when proposed in 1975, was that the key size was too short.  [[Martin Hellman]] and [[Whitfield Diffie]] of [[Stanford University]] estimated that a machine fast enough to test that many keys in a day would have cost about $20 million in 1976, an affordable sum to national intelligence agencies such as the US [[National Security Agency]].<ref name="vS8tB">{{cite web|url=http://www.toad.com/des-stanford-meeting.html| title=DES (Data Encryption Standard) Review at Stanford University – Recording and Transcript|year=1976|url-status=live|archive-url=https://web.archive.org/web/20220228142103/http://www.toad.com/des-stanford-meeting.html|archive-date=February 28, 2022|df=mdy-all|access-date=June 26, 2022}}</ref> Subsequent advances in the price/performance of chips kept reducing that cost until, twenty years later, it became affordable for even a small nonprofit organization such as the EFF to mount a realistic attack.<ref name="uIM6F">{{cite web |url=https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker |title=DES Cracker Project |website=[[EFF.org]] |access-date=2013-10-09 |url-status=dead |archive-url=https://web.archive.org/web/20130622022127/https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/ |archive-date=June 22, 2013 |df=mdy-all}}</ref>

==The DES challenges==
DES was a federal standard, and the [[US government]] encouraged the use of DES for all non-classified data. [[RSA Security]] wished to demonstrate that DES's key length was not enough to ensure security, so they set up the [[DES Challenges]] in 1997, offering a monetary prize. The first DES Challenge was solved in 96 days by the [[DESCHALL Project]] led by Rocke Verser in [[Loveland, Colorado]]. RSA Security set up DES Challenge II-1, which was solved by [[distributed.net]] in 39 days in January and February 1998.<ref name="BRkMf">{{cite web|url=http://lists.distributed.net/pipermail/announce/1998/000037.html|title=The secret message is...|author=David C. McNett|date=February 24, 1998|publisher=distributed.net|access-date=February 27, 2014|url-status=live|archive-url=https://web.archive.org/web/20160304000105/http://lists.distributed.net/pipermail/announce/1998/000037.html|archive-date=March 4, 2016| df=mdy-all}}</ref>

In 1998, the EFF built Deep Crack (named in reference to IBM's [[Deep Blue (chess computer)|Deep Blue]] chess computer) for less than $250,000.<ref name="rZLzH">{{cite web|url=http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html|quote=On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize.|title=DES Cracker Project|publisher=EFF|access-date=July 8, 2007|url-status=dead|archive-url=https://web.archive.org/web/20170507231657/https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html|archive-date=May 7, 2017|df=mdy-all}}</ref> In response to DES Challenge II-2, on July 15, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. The brute force attack showed that cracking DES was actually a very practical proposition. Most governments and large corporations could reasonably build a machine like Deep Crack.

Six months later, in response to RSA Security's DES Challenge III, and in collaboration with distributed.net, the EFF used Deep Crack to decrypt another DES-encrypted message, winning another $10,000. This time, the operation took less than a day – 22 hours and 15 minutes. The decryption was completed on January 19, 1999. In October of that year, DES was reaffirmed as a federal standard, but this time the standard recommended [[Triple DES]].

The small key space of DES and relatively high computational costs of Triple DES resulted in its replacement by [[Advanced Encryption Standard|AES]] as a Federal standard, effective May 26, 2002.

==Technology==
Deep Crack was designed by [[Cryptography Research|Cryptography Research, Inc.]], Advanced Wireless Technologies, and the [[Electronic Frontier Foundation|EFF]]. The principal designer was [[Paul Carl Kocher|Paul Kocher]], president of Cryptography Research. Advanced Wireless Technologies built 1,856 custom [[Application-specific integrated circuit|ASIC]] DES chips (called ''Deep Crack'' or ''AWT-4500''), housed on 29 circuit boards of 64 chips each. The boards were then fitted in six cabinets and mounted in a [[Sun-4|Sun-4/470]] chassis.<ref name="EUmKi">{{cite book|title=Cracking DES – Secrets of Encryption Research, Wiretap Politics & Chip Design|author=Electronic Frontier Foundation|isbn=1-56592-520-3|publisher=Oreilly & Associates Inc|year=1998|url=https://archive.org/details/crackingdes00elec|df=mdy-all|url-access=registration}}</ref>
[[File:Paul kocher deepcrack.jpg|thumb|Paul Kocher of Cryptography Research posing in front of Deep Crack]]
The search was coordinated by a single PC which assigned ranges of keys to the chips. The entire machine was capable of testing over 90 billion keys per second. It would take about 9 days to test every possible key at that rate. On average, the correct key would be found in half that time.

In 2006, another [[custom hardware attack]] machine was designed based on [[FPGA]]s. [[COPACOBANA]] (COst-optimized PArallel COdeBreaker) is able to crack DES at considerably lower cost.<ref name="6yCLD">{{cite web|url=http://www.sciengines.com/copacobana/faq.html|title=COPACOBANA – Special-Purpose Hardware for Code-Breaking|website=www.sciengines.com|access-date=April 26, 2018|url-status=live|archive-url=https://web.archive.org/web/20160724092435/http://www.sciengines.com/copacobana/faq.html|archive-date=July 24, 2016|df=mdy-all}}</ref> This advantage is mainly due to progress in [[integrated circuit]] technology. 

In July 2012, security researchers David Hulton and [[Moxie Marlinspike]] unveiled a cloud computing tool for breaking the [[MS-CHAPv2]] protocol by recovering the protocol's DES encryption keys by brute force.  This tool effectively allows members of the general public to recover a DES key from a known plaintext–ciphertext pair in about 24 hours.<ref name="IkxJV">{{cite web |url=https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |title=Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate |website=CloudCracker.com |date=2012-07-29 |access-date=2016-03-16 |url-status=dead |archive-url=https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |archive-date=March 16, 2016 |df=mdy-all}}</ref>

==References==
{{reflist|1=30em}}

==External links==
{{Commons category|EFF DES cracker}}
* [https://web.archive.org/web/20170507231657/https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html The DES Cracker] at the [[Electronic Frontier Foundation]]
* [http://www.cryptography.com/resources/whitepapers/DES-photos.html Photos of the machine] at [[Cryptography Research]]
* [http://crack.sh/ A FPGA implementation using 48 Virtex-6 LX240Ts]
* [https://davesource.com/Projects/DEStiny/ ASIC design from 1994 that could crack DES in 24 hours with 256 custom chips]

{{Cryptography navbox | block}}

[[Category:Cryptographic hardware]]
[[Category:Cryptanalytic devices]]
[[Category:Data Encryption Standard]]
[[Category:One-of-a-kind computers]]