REVIEW: Brute Force: Cracking the Data Encryption Standard

brute force

By Matt Curtin
Springer, 2005
ISBN: 0387201092


Reviewed by Ben Rothke


Brute Force: Cracking the Data Encryption Standard is the story of the life and death of DES (data encryption standard). In the early 1970s, the U.S. government put out an open call for a new, stronger encryption algorithm that would be made into a federal standard, known as FIPS (Federal Information Processing Standard.). Numerous solutions were submitted as the DES candidate, including one from IBM. The IBM solution, originally called Lucifer, was chosen to be used as the encryption algorithm. After that, it became known as DES.

DES is the most widely used method of symmetric data encryption ever created. Its 56-bit key size means that there are roughly 72,000,000,000,000,000 (72 quadrillion) possible encryption keys for any given message. DES was always considered a strong encryption method, but strength is relative.

The strength of an encryption system is measured by how resilient it is against attack. From the outset, it was known that DES was susceptible to brute force attacks. A brute force attack, also known as an exhaustive search is an attack against a cryptosystem in which all possible values for the key are attempted — the bigger the key, the more difficult the attack.

It must be remembered that DES was developed long before desktop computers, so the feasibility of a computer that could perform a brute force attack against DES was rendered so expensive and infeasible that the 56-bit key space (in a 64-bit block) of DES was considered strong enough. In reality, Lucifer actually had an original design of a 128-bit block size and 112-bit key size, but politics got in the way, and DES was created in a crippled state from the onset.

By 1997, DES was cracked, and the start of its downfall had commenced. Brute Force: Cracking the Data Encryption Standard is a firsthand account of how DES was broken. Author Matt Curtin was a member of the DESCHALL team, which was created in response to the RSA Security Inc. RSA Secret Key Challenge. The challenge was to break a DES-encrypted message.

Brute Force comprises two interrelated parts. Part 1 is a short overview of cryptography and encryption. It also details how Curtin first became interested in cryptography in the Bexley, Ohio, public library. Part 1 sets the groundwork for the main subject matter of the book, which is Curtins diary of how DES was broken via DESCHALL.

The unofficial mantra of DESCHALL was that friends didnt let friends have idle computers. DESCHALL was led by Curtin, Rocke Verser, Matt Curtin, and Justin Dolske, and used an Internet-based distributed computing infrastructure. Since brute force attacks are naturally suited to distributed computing, it made for a perfect testing ground to break DES.

Part 2 details the ups and downs of the project. Designing a software system to crunch up to 72 quadrillion is not a easy task, combined with key server crashes, competitive foreign groups, and the U.S. government on your back, made the travails of DESCHALL a challenging endeavor. The success of DESCHALL was to get as many hosts involved as possible. Given the fact that the CPUs of most computers sit idle for most of their lives, such CPUs were of extreme value to DESCHALL.

While Brute Force can be dry at times..

Read more: