Browser-Based Distributed DES Cracker
What is it?
This is a system for determining the DES encryption key that was used
to encrypt a block of plaintext into some corresponding ciphertext. This is done by
a brute force search of the keyspace (trying every possible key to see
which key encrypts the known plaintext into the known ciphertext).
What makes this system interesting is that it allows anyone to participate
using their web browser. Your browser will ask a server for a small range of
keys to test, test each key in that range, and then report back to the server
whether it found the key that turns the given plaintext into the given ciphertext.
A single web browser would take too long to search
all of the keys, but a few million browsers could do it in a year.
Try it out
Go to the client interface to start participating, via
your browser, in cracking a DES key by brute force testing of the keyspace.
You can also work on keys of your own choosing
without joining in the distributed brute force.
Or, try the easy version (you start very close to the key)
so you can have the full experience. Note that the easy version's database is
automatically reloaded every 15 minutes. The test itself takes about 1 minute
on a decent system, so there's some chance you will get interrupted up in the middle of
the test. If that happens, try again.
Author: Justin Samuel (justin -at- justinsamuel -dot- com)
Initial version: 2008-04-25
Last updated: 2008-04-30
written by others that Schneier included in Applied Cryptography.
- The server side (written by me) is PHP/MySQL and makes use of the
Zend Framework version 1.5.1.
- Malicious clients that report false negatives (key not found when it really was)
can wreak havoc on this system. Dealing with such clients is a whole, big topic
in itself. Other distributed DES cracking systems [DESCHALL] didn't actually
solve the problem or even truly address it, they only required that malicious
clients had to do a little work before providing false responses.
- There's plenty of room in the code for optimization. This is just a proof of
concept. Optimization could be done on the client side to speed up key checking
and on the server side to enable scalability to a degree to handle the number
of clients that would really be required to make a dent in searching the
keyspace. -- The code as-is won't support millions of
simultaneous clients (though it does cover the basics, such as database
integrity when multiple clients affect the database at the same time).
do it (until it's too late).
References and Related Work
- EFF DES cracker
- Optimized key search method used by DESCHALL