As usual, this year's RSA contest will pay cash to the first person to crack a message encrypted with a Data Encryption Standard (DES) 56-bit key. But unless the 1999 winner beats a 56-hour record set in July, there's no cash prize. The faster the code is broken, the bigger the prize, up to $10,000.
"It's a reminder to developers that are using DES that they need to switch," said Burt Kaliski, chief scientist at RSA Laboratories, RSA's research arm. "It's not something that happened last summer and then goes away. The contest can keep it on the forefront of people's planning."
RSA, a subsidiary of Security Dynamics sells stronger algorithms.
DES is a 20-year-old protocol created for the U.S. government that has emerged as a standard for single-key encryption, widely used in government and the financial services industry. It uses a single mathematical formula to encrypt and decrypt data. A related standard, Triple DES, uses three DES cryptographic keys, providing far stronger encryption.
RSA's patented public-key, private-key cryptographic algorithms are different and much stronger, requiring one key to scramble data and another unscramble it. RSA President Jim Bidzos has been an outspoken critic of U.S. export controls.
The original DES Challenge was held January 1997, the secret key was discovered in 96 days. In February 1998, the challenge took 41 days, but in July a DES message was cracked in 56 hours by the Electronic Frontier Foundation (EFF), using a network of standard PCs that cost around $220,000.
The DES Challenge III will be launched at 9 a.m. PT January 18 on RSA's home page, coinciding with the annual RSA conference in San Jose. RSA is offering $10,000 to the first entrant to break the code within 24 hours, $5,000 if recovering the key takes 24-48 hours, and $1,000 for breaking it within 56 hours.