Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Politics : Formerly About Advanced Micro Devices -- Ignore unavailable to you. Want to Upgrade?

To: Petz who wrote (47207)	1/25/1999 1:41:00 AM
From: Paul Engel	Read Replies (2) \| Respond to of 1570548

Petz - Re: "The CPU ID number is not necessary for secure transactions." If you think there is a SINGULAR DEFINITION of SECURE, then you are totally incompetent when it comes to discussions of security. Current US laws (with one new exception) allow 56 bits of encryption for software/data transmissions that are "exported" to a foreign country. RSA just awarded $10,000 to a group which successfully cracked 56 bit-encrypted messages in about 22+ hours. Another group accomplished the same task a day or so later within 12 or 13 hours. AND YOU ARE TELLING THE WORLD THAT THOSE 56 BIT- ENCRYPTED MESAGES are SECURE? Get serious - better yet, GET EDUCATED ! Read the article below about RSA, the Electronic Frontier Foundation and other people that MAKE THEIR LIVING in the ENCRYPTION BUSINESS. You clearly are winging it with your mindless BullSht. Paul {==========================================} Record set in cracking 56-bit crypto* By Tim Clark Staff Writer, CNET News.com January 19, 1999, 6:30 p.m. PT URL: news.com update SAN JOSE, California--A joint effort between the Electronic Frontier Foundation and Distributed.Net has set a new record for cracking the 56-bit Data Encryption Standard (DES) algorithm--under 23 hours. That beats a record of 56 hours set in July by EFF's "Deep Crack" machine, a specially built computer for breaking the code. RSA Data Security, which sponsored its third DES-cracking contests, offered $10,000 to anyone who broke DES in under 24 hours. It will pay EFF and Distributed.Net, a worldwide coalition of computer enthusiasts. Deep Crack and Distributed.Net's network of nearly 100,000 PCs on the Internet won DES Challenge III in 22 hours and 15 minutes. "When designing secure systems and infrastructure for society, listen to cryptographers, not to politicians," said John Gilmore, the EFF co-founder who headed the Deep Crack project. He said the record time to crack DES should send "a wake-up call" to anyone who relies on DES to keep data private. RSA sponsors periodic DES-cracking contests to demonstrate that 56-bit encryption, the strongest allowed for export by the U.S. government, is no longer adequate. Gilmore complained about "mixed signals from the [U.S.] government." Last week, he noted, the National Institute of Standards and Technology [NIST] urged the use of Triple-DES rather than DES for security while the Commerce Department limits encryption exports to products with 56-bit crypto--the kind just broken in the RSA challenge. Triple-DES uses the three separate DES keys, so an attacker would have to break the code three separate times. RSA president Jim Bidzos, a frequent critic of government crypto policy who has been rather quiet lately, defended DES. "We came not to bury DES but to praise it," said Bidzos. "DES was a very strong algorithm. But any algorithm, any key size, will eventually run out of life. DES has served well over the last 23 or 24 years." Paul Kocher, who created the software side of Deep Crack, praised RSA, where he once worked, for sponsoring the DES Challenge. "RSA has been one of few companies that encourage people to attack systems; and as a result they are one of the most reputable in the industry," said Kocher, president of Cryptographic Research, a consulting firm. Bizdos called the current policy "simply out of date," adding "industry, businesses, and individuals should be free to use the level encryption they choose. This is the proof--DES is breakable, no question about that." To break the code, the cryptographic key that encrypted a secret message was parceled out to computers linked via Distributed.Net and to Deep Crack, which EFF built last year for under $250,000. The network was testing 245 billion keys per second when the correct key was found. Adopted in 1977 by the U.S. government, 56-bit DES is widely used by U.S. government agencies and financial institutions. The government is now mid-way through a lengthy process to create a new standard algorithm called Advanced Encryption Standard or AES with encryption keys of at least 128 bits. The encrypted message, "See you in Rome [second AES Conference, March 22-23, 1999]," referred to the AES initiative. Go to Front Door \| E-Commerce \| Search \| Short takes \| One Week View

To: Petz who wrote (47207)	1/25/1999 9:01:00 AM
From: herb will	Read Replies (3) \| Respond to of 1570548

John, re:The CPU ID number is not necessary for secure transactions. Will Intel be the only company to use CPU ID? It appears not. Looks like AMD will follow as usual. Read the following comments from this Zdnet article. A couple of excerpts first: ”Rivals of PC chip maker Intel Corp. are likely follow the giant's lead and put electronically accessible serial numbers on their processors, said company officials and analysts on Friday”. "We expect to see our members using this technology," said Lauren Hall, chief technologists for the piracy-busting Software and Information Industry Association, whose members include software makers such as Microsoft Corp., Netscape Communications Corp. and others. "Anytime that you build a new technology for identification, the market is going to find ways to use that to enhance security." zdnet.com Herb