The crypto wizards who broke the government's encryption standard in less than three days with a single custom-made workstation said in a press conference on the breakthrough Friday that predictions of the code's demise have been circulating for two decades, and speculated that others with less honorable intentions have already pulled off the same trick.
"I'm fairly certain that foreign governments will have built similar machines to this, and are using them to eavesdrop on conversations in the U.S.," said Paul Kocher, a member of the team who helped build the machine for the Electronic Frontier Foundation, during the press conference.
While the Data Encryption Standard (DES) encryption algorithm has long been known to be vulnerable to distributed computing efforts involving tens of thousands of computers, never before has the code been cracked with a single PC. Several of the scientists behind the breakthrough said they are confident that it will be a watershed event in the history of government encryption policy.
The Clinton Administration has set strict controls on the export and use of encryption with a longer-than-40-bit key. But the DES technology proven vulnerable in the EFF test had a 56-bit key, trillions of times stronger than 40-bit technology.
"While in theory everyone had a sense for 20 years that this could happen, no one before had done this publicly," said Burt Kaliski, chief scientist at RSA Laboratories, another member of the EFF's team. The event "doesn't suggest anything that we weren't expecting to see, but it's good that it's finally been documented," he said.
Whitfield Diffie, the inventor of public key cryptography and one of the most famous names in the encryption software industry, said the EFF's experiment exposes vulnerabilities in DES that might head off potentially disastrous network security breaches -- if government and private sector experts take the threat seriously.
"Nobody can say now that this can't be done. From an intelligence point of view, now this is real," Diffie said during the press conference. "I don't think this is by any means the end of this," he added. "There are going to be legitimate reasons for attacking DES maybe for decades in the future."
One area of potential vulnerability is large corporations' e-mail archives, he said. As it becomes apparent that 56-bit key encryption can be broken with a single machine for a price of less than $250,000, skilled crackers will work to improve the technology and bring down the price, Diffie said.
"People will begin going through things like e-mail archives, and the price will come down from tens or hundreds of thousands of dollars to tens or hundreds of dollars," he said.
"I could easily see a situation where someone could do this as a science project in five or six years," said John Gilmore, co-founder of the EFF. But such an attack with a single machine would not work on the much stronger Triple DES algorithm, used in many banking networks, he added.
"At 90 bits of key, it begins to get tough to do this type of crack. At 120 bits of key, it's pretty much impossible," Gilmore said.
Gilmore reiterated Kocher's allegation that similar machines have probably been built by foreign governments or even the U.S. government. Companies deploying the algorithm "have been aware of this for a long time," he said.
Major DES users "have been actively involved in risk management so they can tell if anyone is doing this to them, detect it, and cut it off," Gilmore said.