If you've already... If you've already looked up cryptography and/or DES in several encyclopedias (i.e. Britannica, Wiki, Google... ), read Kahn's Codebreakers, Mitnick's and Poulsen's books, then there's no real point in reading this one. Oh, and Schneier's Applied Crypto.
I don't know, this is just me
Chronicle of a Distributed Computing Project This book chronicles the history of how the DESCHALL team won the RSA Data Security, Inc.'s contest to crack a message encrypted with 56-bit cryptography. Although the contest was only one in a series sponsored by RSA, this particular contest was highly significant because 56-bit encryption represented the Data Encryption Standard (DES), meeting the specifications for data encryption required by the United States government. Federal law required the use of DES for government cryptography, and many financial and other private institutions also had adopted DES, but cryptographers and computer scientists were uncomfortable with DES because they felt it was too weak. They felt that 56-bit encryption left confidential data vulnerable to brute-force attacks, in which each of the possible decryption keys is tried until the one that will decrypt the message is found. In cracking the message and winning the RSA contest, the DESCHALL team demonstrated that it was indeed possible to defeat 56-bit encryption within a not unreasonable length of time.
But it wasn't easy. The team needed to try trillions upon trillions of possible keys to see which one would unlock the message. If they were to test each key on a single computer in turn, even using a very powerful supercomputer could take years and years. Instead, the team took a very different approach. They created software that could run on ordinary desktop computers, and got thousands of people across the continent (as well as a few in other regions of the world) to run the software on their own computers. The team leaders set up a server on the Internet to send out assignments of blocks of decryption keys for the participating computers to try, and received the results back over the Internet. Such a system in which many computers in many locations work on a single problem is called "distributed computing." The DESCHALL project wasn't the first time distributed computing was used to solve a problem, but it was one of the first to achieve both significant results and widespread publicity. In this book, Curtain details how the DESCHALL team came about, who wrote and distributed the software, and how the distributed computing project was managed, from publicity to enrollment to winning the contest.
In addition to chronicling the progress of the DESCHALL project, Curtain also provides essential background information about cryptography and the associated political issues. One reason why the DES contest was of such interest was that although stronger 128-bit encryption methods existed at the time, US laws restricted the export of such strong encryption software. Proposed legislation would allow the use of strong encryption only if it provided a backdoor for access by law enforcement. Once the DESCHALL team demonstrated that DES encryption could be cracked relatively easily, more lawmakers were convinced of the need to allow the use of better encryption technology. In addition, the restrictions against exporting 128-bit encryption have been relaxed, allowing US companies to compete in the world market for strong encryption software.
The copy-editing of the book was far from perfect, and there are a number of errors that leave readers scratching their heads, such as "After the list bean receiving and distributing about thirty messages daily,..." nevertheless, the overall text is generally clear and fairly easy to comprehend, even for those who are not cryptography experts. The book makes an enjoyable read for those interested in distributed contributing or cryptography and its associated political controversies during the late 1990s.Extraordinary book, manages to explain complex concepts in simple language In 1997 Matt Curtin along with a small team of like minded white-hat hackers set out to prove that the security encryption standard DES, (Data Encryption Standard) was no longer secure. For various reasons the US government had chosen not to allow an upgrade which would provide far superior protection. Curtin and the team known as DES-chell harnessed a vast array of computer buffs, and computers across America to prove this vulnerablity and show that this was a serious matter which needed urgent attention. This is Curtin's account of the process. What sets it apart from many other books on code, and computers is that it is highly accessible. This is a book about the process of discovering the code, but it is also a book about the ramifications, the politics, the arguments offered. It also offers, in highly accessible language background to the complex matters he talks about, which made it easy for me, a non-computer buff, to understand.
His use of analogys were wonderful, so talking about the standard 56bit encryption likened it to having a tumbler safe, with only one tumbler with 10 numbers on it there are only 10 settings which could be the possible combination. The average chance of finding the correct setting will therefore take 5 turns. To increase the security you could either add an extra number to the combination, that is make the tumbler have 11 numbers, or by adding an extra tumbler you increase the number of combinations to 100 and automatically made the likelihood of finding the combination 10 times slower. He likens 56 bit security as having 56 tumblers. However the likelihood of finding the combination was still a possibility with that level of encryption. And this is what he set out to do, he and his team believing that the only standard should be 128 bits.
He harnessed thousands of computers across america, and the way he did this is fully documented. What I really liked was another analogy he used here. He discussed the fact that the Brute Force search for the key involved a whole series of simple calculations, and Brute Force searches of the combination (that is searching every combination until you find one) is simply a matter of time. So the higher the bits used int he secutiry the exponentially longer time it takes. However using hugely intelligent computers isn't the best way to find it - it is like getting a trained mathmetician to do a series of 5th grade math sums. He might do them faster, but not that much faster. What you need is thousands of 5th graders working on the sums. So that's what they literally did. Using computers in homes and labs all over the US - although the key people refined the software in some interesting ways to increase the speed.
This is the story of their search, the competition with other groups also searching for the key, and the eventual outcome of the search. The interesting part of the conclusion in the outcome of the search is that the Press really did not seem to understand the complex issues involved. And they are complex, and yet so straight forward. In light of the Twin Towers the ethics vs the basic rights are probably still being strongly debated.
Matt Curtin manages to guide us through the process in good fashion. It is a good read, complex and thought provoking.
