Notre Dame math whiz cracks Certicom code contest

[InfoSec News <isn () c4i org>]

http://www.siliconvalley.com/mld/siliconvalley/4459218.htm

November 06, 2002

OTTAWA, (Reuters) - And you thought you had tough math homework?

Consider the work that went into cracking a secret code developed by
Toronto-based Certicom Corp., which makes wireless encryption
software.

It took the power of 10,000 computers running around the clock for 549
days, coupled with the brain power of a mathematician at Indiana's
University of Notre Dame, to complete one of the world's largest
single math computations.

Certicom had challenged scientists, mathematicians, cryptographers and
hackers to try to break one of the encryption codes the firm uses to
protect digital data.

The solution, rewarded with a $10,000 prize and even richer bragging
rights, was reached at 12:56 p.m. on Oct. 15, said Notre Dame
researcher and teacher Chris Monico.

``I stared at it in mild disbelief for a while,'' he said. ``I wanted
desperately to jump up and down, but the mathematician in me said
`You'd better double check'.''

Monico's pleasure at breaking the code was matched by the contest's
creator and Certicom founder, Scott Vanstone.

``Our technology is based on a very hard mathematical problem, so what
we wanted to do is validate how difficult it really is,'' he told
Reuters.

``When somebody asks have hackers attempted to break your system, we
say of course, we in fact encourage it. Please go try. And here's the
results.''

Vanstone points out the massive computer power used to crack the code
in this challenge would have broken the Enigma code, a cipher used by
Germany during World War Two, in a matter of seconds.

The solution, he added, gave access to just one person's key, or
identity, and cracked only a 109-bit key, whereas Certicom's products
start at a 163-bit key to protect data.

``It would be about 100 million times harder (to break) than what was
just done,'' Vanstone said. ``If you could get every machine on the
planet working on the problem...you're still not going to be able to
touch the 163 problem.''

Monico said he doesn't have time to tackle the next 131-bit key
challenge, which has a $20,000 prize, but did share his computer
program with a ``motley crew'' of half a dozen ``computer guys''.

The Certicom challenge, started in 1997, has attracted 247 teams with
more than 10,000 members, including cryptographers, computer
scientists and mathematicians.

Monico, who took up the challenge to ``raise awareness of
cryptography'', will donate the bulk of his prize money to the Free
Software Foundation and the remaining $2,000 to two men whose
computers helped solve the problem.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.