It was big news earlier this year when the Electronic Frontier Foundation – with the help of Deep Crack, its US$200,000 supercomputer – cracked the 56-bit Data Encryption Standard (DES) in 22 hours and 15 minutes, thereby winning a $10,000 prize from RSA Data Security Inc. Perhaps it shouldn’t have been such big news. Alex Fowler, director of Public Affairs for EFF, says informed sources in his circle report that DES has been cracked in just 15 minutes by the FBI and other intelligence agencies. The FBI naturally isn’t talking.
Should CIOs worry about the frailty of DES? John Gilmore, EFF co-founder and leader of the code-cracking project, thinks they should. “Most companies aren’t aware of how easy it is to break the 56-bit standard,” Gilmore says. “We’ve proven that a nonprofit group can do it for $200,000.”