We have covered basic cryptographic tools that will be useful for building things. But, before you can build, you need to know the structural weaknesses of your tools We will now talk about these weaknesses and the subjects of cryptanalysis and protocol failures DES: Internet Challenges and EFF Multiple DES and Meet in the Middle attack RSA: Low Exponent Attacks Protocol Failures Be careful, here be dragons! Hash Functions: Birthday Attacks and Implications | Breaking Stuff: Cryptanalysis and Protocol Failures Wade Trappe Lecture Overview We have covered basic cryptographic tools that will be useful for building things. But, before you can build, you need to know the structural weaknesses of your tools We will now talk about these weaknesses and the subjects of cryptanalysis and protocol failures DES: Internet Challenges and EFF Multiple DES and Meet in the Middle attack RSA: Low Exponent Attacks Protocol Failures Be careful, here be dragons! Hash Functions: Birthday Attacks and Implications DES: Breaking DES DES is now considered a weak encryption algorithm Several attacks used against DES: Differential and Linear Cryptanalysis Brute Force Attacks Brute force attacks are what ultimately broke DES History: 1977 Diffie and Hellman (we’ll see these guys again ) proposed a strategy for breaking DES in under a day using a $20M machine (1977 dollars) Different approaches to brute force attacks: Distributed computing (the Internet attack) Custom-designed architecture for attacking DES Programmable logic arrays Many hands make light work The distributed computing approach became very popular In 1997 the RSA Data Security company issued a challenge to find the key and crack a DES encrypted message Prize: $10K 5 months later it was broken by Rocke Verner (who had written a program people ran on their machines during spare cycles) Secret Message “Strong cryptography makes the world a safer place” 1998: Similar challenge issued by RSA Data Security DES broken in 39 days. But worse was yet to come. EFF Cracker Also in 1998: The Electronic Frontier Foundation developed a project called DES Cracker. Goal: Use a specialized hardware platform (built using a budget of $200K) to break DES. DES Cracker consisted of three main components Personal Computer Software Collection of Specialized Chips The computer was connected to the array of chips and the software oversaw the tasking of each chip Software gave each chip the information . | Breaking Stuff: Cryptanalysis and Protocol Failures Wade Trappe Lecture Overview We have covered basic cryptographic tools that will be useful for building things. But, before you can build, you need to know the structural weaknesses of your tools We will now talk about these weaknesses and the subjects of cryptanalysis and protocol failures DES: Internet Challenges and EFF Multiple DES and Meet in the Middle attack RSA: Low Exponent Attacks Protocol Failures Be careful, here be dragons! Hash Functions: Birthday Attacks and Implications DES: Breaking DES DES is now considered a weak encryption algorithm Several attacks used against DES: Differential and Linear Cryptanalysis Brute Force Attacks Brute force attacks are what ultimately broke DES History: 1977 Diffie and Hellman (we’ll see these guys again ) proposed a strategy for breaking DES in under a day using a $20M machine (1977 dollars) Different approaches to brute force attacks: Distributed computing (the Internet attack) .