Encryption software maker RSA Data Security has confirmed that a group using computers linked by the Internet has cracked the company's 56-bit DES encryption code as part of an ongoing contest.
Distributed Computing Technologies, an organization devoted to researching the possibilities of distributed computing over the Internet, broke RSA's code in about 40 days. The group parceled out the chore of crunching billions of numerical combinations to computers across the Internet. (The same type of system was recently used to find the world's largest prime number.)
The computers worked on the problem during their idle time in what is called a "brute-force" attack on the secret code, roughly akin to the classic scenario of an infinite number of monkeys with typewriters coming up with a Shakespearian sonnet.
Since last year, RSA has encouraged the Net community to break its codes in an effort to prove that current government rules limiting the export of strong cryptography result in a lack of security for encryption users. To export 56-bit encryption or higher, U.S. software makers such as RSA must receive a special license from the Commerce Department and agree to give law agencies access to the secret codes.
"This makes a statement that the key lengths allowed for export are relatively weak," said RSA principal research scientist Matt Robshaw. "56-bit keys really don't offer that much security."
That's somewhat of an odd statement for a company that makes a living from selling such encryption, but Robshaw points out that stronger encryption algorithms up to 128 bits, also part of RSA's cracking contest, have not been broken yet.
The Distributed team came up with the key "76 9E 8C D9 F2 2F 5D EA," which revealed the secret message: "Many hands make light work."
RSA is doling out cash prizes to the winners of its contests. The faster the code is broken, the more money the company will give away.