SAN JOSE, Calif. (IDG) -- Cracking the 56-bit DES encryption algorithm no longer takes a number of years to achieve; it can now be done in one day, as was demonstrated by a hacking group participating in RSA Data Security's yearly DES Challenge contest.

The DES Challenge III, started here at the RSA Data Security Conference on Monday, was over in 22 hours and 15 minutes, according to Jim Bidzos, president and CEO of RSA.

"The trend is very clear: 56 bits really isn't going to be providing you a lot of security," Bidzos said.

"If you are protecting tomorrow's headline I think you're okay at least until the next conference. But if you're protecting something else I think you're going to need something stronger," Bidzos added.

A message, encrypted using the 56-bit DES algorithm was released, with a purse of $1,000 available to whoever could break it in the least amount of time.

MORE COMPUTING INTELLIGENCE

IDG.net home page

InfoWorld home page

InfoWorld forums home page

InfoWorld Internet commerce section

Get Media Grok and The Industry Standard Intelligencer delivered for free

Reviews & in-depth info at IDG.net

IDG.net's personal news page

Subscribe to IDG.net's free daily newsletter for IT leaders

Questions about computers? Let IDG.net's editors help you

Search IDG.net in 12 languages

The algorithm was cracked in record time by the Electronic Frontier Foundation using "Deep Crack," a specially designed supercomputer, and Distributed.Net, a worldwide coalition of computer enthusiasts. The previous record for the amount of time taken to break the code was 56 hours.

Response from industry observers was mostly in agreement: 56-bit DES is no longer secure.

"It indicates the perils that we face if we don't get our acts together on the Internet," said Mark Greene, vice president of security at IBM, in Armonk, N.Y.

The breaking of the code should also send a message to government officials who claim that 56-bit encryption using DES is secure for communications, according to analysts.

"It's more evidence that the U.S. government claim about being unable to break 56-bit DES is nonsense," said Jim Balderston, an industry analyst at Zona Research, in Redwood City, Calif. "They can crack it and they can apply a lot more computer power than a cobbled together machine."

Matthew Nelson is a senior writer for InfoWorld.

Related stories:

Congress considers easing cryptography rules - January 21, 1999
Security elite form SWAT teams to attack viruses - January 19, 1999
Expert confirms 'Russian New Year' danger - January 11, 1999
Trojan horse gathers user data, e-mails it to China - January 8, 1999
RSA wants you to crack this code - December 23, 1998
MCI WorldCom network virus may be inside job - December 22, 1998
Workplace computer virus infections on the rise - September 15, 1998

Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window

DES code cracked in record time (Network World Fusion) Free registration required to view this site.
RSA's Jim Bidzos touts company's Internet encryption technology (InfoWorld Electric)
RSA show to highlight raft of security products (InfoWorld Electric)
VPNs, integrated security on tap at RSA conference (Computerworld)
U.S. government to review 15 DES alternatives (Network World Fusion) Free registration required to view this site.

Related sites:

RSA Data Security, Inc.
Daily Security Wire reports from RSA Data Security Conference 1999.
Electronic Frontier Foundation
distributed.net

External sites are not
endorsed by CNN Interactive.