
   
   
   For additional information:
   Patrick Corman
   415-326-9648
   corman@cerfnet.com
   
   
   
   FOR IMMEDIATE RELEASE
   
   Team of Universities, Companies and Individual Computer Users Linked Over the Internet
   Crack RSA's 56-Bit DES Challenge
   
   Landmark Breaking of 56-bit Government Encryption Standard Calls Administration Policy
   Into Question
   
   
   
   REDWOOD CITY, Calif., June 19, 1997 -- In a remarkable demonstration of collective
   computing power, a team of university students, programmers, and scientists linked
   together thousands of computers over the Internet to solve the $10,000 DES Challenge
   sponsored by RSA Data Security, Inc., a wholly-owned subsidiary of Security Dynamics
   Technologies, Inc. (NASDAQ: SDTI).
   
   The DESCHALL effort, led by Loveland, Colorado computer programmer Rocke Verser, used
   networked CPUs from universities and corporations throughout the U.S. to apply "brute
   force" computing power to solve RSA's challenge and break a message encrypted with the
   government's 56-bit Data Encryption Standard (DES) algorithm.
   
   The message discovered by the winning team was "Strong cryptography makes the world a
   safer place."
   
   According to Mr. Verser, the DESCHALL team started their effort in February of this year,
   and searched nearly 18 quadrillion keys at rates of up to 601 trillion keys per day.
   Computers participating in the challenge aimed to try every possible decryption key to
   crack DES. There are over 72 quadrillion possible keys (72,057,594,037,927,936). At the
   time the winning key was reported to RSA, according to Mr. Verser, the DESCHALL effort had
   searched almost 25 percent of the total. Mr. Verser indicated that, at its peak, the
   DESCHALL effort was testing nearly seven billion keys per second.
   
   According to the DESCHALL team, this effort was equivalent to, "searching for a needle in
   a haystack, where the haystack is 2.5 miles wide and one mile high."
   
   The actual computer that found the winning key was a 90 MHz Pentium desktop machine with
   l6 megabytes of random access memory (RAM).
   
   "RSA congratulates the DESCHALL team for their achievement in cracking the 56-bit DES
   message," said Jim Bidzos, president of RSA. "This demonstrates that a determined group
   using easily available desktop computers can crack DES-encrypted messages, making short
   56-bit key lengths and unscaleable algorithms unacceptable as national standards for use
   in commercial applications.
   
   "This event dramatically highlights the fatal flaws in the most recent administration
   proposal, Bill S.909, "The Secure Public Networks Act of 1997," introduced by Senator John
   McCain (R-AZ) and Senator Bob Kerrey (D-NE). This bill, if passed, would severely hamper
   U.S. industry by limiting export to the 56-bit DES standard."
   
   Bidzos continued, "This is another indication of how the administration is out of step
   with the real world. We intend to continue sponsoring the RSA challenge to demonstrate
   that scaleable algorithms and nothing less than 128-bit encryption will provide the
   security required for commercial applications."
   
   "The government needs to take a hard look at its cryptographic policies," said Verser.
   "DES was cracked by thousands of users using ordinary PCs working cooperatively over the
   Internet. DES can no longer be considered secure against a determined adversary."
   
   Widely used by the federal government, the DES algorithm is considered by many scientists
   and cryptographers to offer only marginal protection against attack, thus making it
   unsuitable for future commercial use.
   
   Established in 1997, RSA's Secret-Key Challenge is offered to demonstrate the modest level
   of security in the encryption technology currently allowed to be exported under past and
   current U.S. government policy. U.S. policy on cryptography currently allows export of
   only 40-bit encryption technology with exceptions possible for 56-bit algorithms.
   
   
   
   RSA Data Security, Inc.
   
   RSA Data Security, Inc., a wholly-owned subsidiary of Security Dynamics Technologies,
   Inc., is the world's brand name for cryptography, with more than 80 million copies of RSA
   encryption and authentication technologies installed and in use worldwide. RSA
   technologies are part of existing and proposed standards for the Internet and World Wide
   Web, CCITT, ISO, ANSI, IEEE, and business, financial and electronic commerce networks
   around the globe. The company develops and markets platform-independent developer's kits
   and end-user products and provides comprehensive cryptographic consulting services.
   
   Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the company is
   headquartered in Redwood City, Calif.
   
   
   
   # # #
