Re: Steganography

From: hal@finney.org
Date: Thu Sep 27 2001 - 11:54:34 MDT


Louis Newstrom writes:
> This is incorrect. A recent incident proved this. A government official
> published a message in one of their "unbreakable" codes, and challenged the
> hacker community to break it. Someone did only a few weeks later.
>
> Turns out, that by using java technology (similar to what SETI is doing) one
> hacker allowed millions of people to connect to his web site and lend him
> their computing power. In this way, a mere individual with just a PC was
> able to harness the computing power of millions of PC's for a few weeks, and
> did a brute-force crack of one of a PGP type code.

I'm not familiar with this case, although it bears some similarity to
various incidents that I've heard of. I don't know of a government
challenge to break a code which was broken a few weeks later.

I do know of some cryptographic mechanisms which have been broken a
few weeks after publishing, sometimes publishing by the government, but
these were broken by analysis and not by brute force. I know that some
challenges have been broken by brute force; for example the original RSA
challenge from Scientific American in 1977 was broken in 1994, and there
have been regular challenges since then which are also being attacked
in this way. These challenges are all meant to be broken.

I'm not familiar with the use of Java for this purpose, since Java
is relatively slow and it is hard to compete with C++ implementations
for heavy numerical work. For almost any attack it would be far more
efficient to get people to run a C++ version of the engine, and in fact
that is how all of the brute force attacks have worked that I know of.

I'd like to learn more about the incident you described if you are
confident that it happened that way.

Hal



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:11:01 MST