Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Brute Force", Matt Curtin

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKBRTFRC.RVW 20050531 Brute Force , Matt Curtin, 2005, 0-387-20109-2, U$25.00/C$33.50 %A Matt Curtin http://ergo-sum.us/brute-force/ %C 233 Spring St.,
    Message 1 of 1 , Jun 16, 2005
    • 0 Attachment
      BKBRTFRC.RVW 20050531

      "Brute Force", Matt Curtin, 2005, 0-387-20109-2, U$25.00/C$33.50
      %A Matt Curtin http://ergo-sum.us/brute-force/
      %C 233 Spring St., New York, NY 10013
      %D 2005
      %G 0-387-20109-2
      %I Copernicus/Springer-Verlag
      %O U$25.00/C$33.50 800-842-3636, 212-460-1500, fax: +1-212-254-9499
      %O http://www.amazon.com/exec/obidos/ASIN/0387201092/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0387201092/robsladesin03-20
      %O Audience i+ Tech 2 Writing 3 (see revfaq.htm for explanation)
      %P 291 p.
      %T "Brute Force: Cracking the Data Encryption Standard"

      As the subtitle states, this is the story of the assessment of the
      strength (and weakness) of the Data Encryption Standard, particularly
      as computer power increased over time. Specifically, it is the tale
      of the formation and development of the DESCHALL operation, one of the
      forerunners of distributed.net. It is not just a story, though:
      Curtin tells the tale from a specific social and political
      perspective. An indication of this position is given in the forward,
      where John Gilmore reiterates the somewhat questionable assertion that
      DES was "deliberately ... flawed." Although this work does not
      address more technical aspects of cryptography, using hyperbolic
      arguments such as this may weaken the overall case of the book in
      regard to cryptographic censorship.

      There are forty-one very short chapters to the book, the first
      describing the particular machine that found the key for the first
      DESCHALL distributed cracking attempt. A brief history and background
      for cryptography is given in chapter two.

      Chapter three outlines the process of transforming Lucifer into DES.
      However, there are numerous errors in the account. Some are minor.
      (The Data Encryption Standard and the Data Encryption Algorithm are
      not equivalent: the algorithm is the engine, while the standard
      includes additonal functions for real world operations.) Other
      problems include issues such as the fact that the modification of
      S-boxes (the substitution function, which the book refers to as
      permutation) is mentioned, while that of the P-boxes (permutation) is
      not. Most references state that the Lucifer version finally submitted
      for DES was 70 bit, rather than 112 bit. It is quite misleading to
      say that a 112 bit key is "fifty-six times" as strong as a 56 bit key.
      The Diffie-Hellman objections to the 56 bit key length are not given
      in detail, which makes the arguments hard to assess. Not all the
      dates are given, which sometimes creates difficulty in following the
      thread. (In response to a first draft of this review, Curtin has
      noted that he has collected a fairly extensive errata for the book,
      and hopes to correct the issues in a second edition.)

      Chapter four is a rather mixed bag: despite the "Key Length" title, it
      touches on various algorithms, cryptanalytic concepts, and other
      topics. (There is a seeming confusion of the Vernam cipher with a
      one-time pad, and triple DES is generally considered to have an
      effective 112 or 113 bit key, rather than 168, due to the meet-in-the-
      middle attack.) The author's personal involvement with cryptology,
      and analysis of the feasibility of cracking cryptosystems, is outlined
      in chapters five through eight, culminating in a review of the
      possibilities of distributed computing. The technical, social, and
      political factors involved in creating and operating the DESCHALL team
      are discussed in chapters nine to thirty-eight. (It is odd that
      explanations of IP addresses almost always use the non-routable
      192.168.x.x range. Specific IP addresses have a depressing tendency
      to changeand so non-routable addresses are often used in explanations,
      but it seems particularly inappropriate when the subject deals with
      identification and location of machines.) The material is
      fascinating, instructive, and even exciting at times. Interspersed
      are mentions of legislative debates and hearings into cryptographic
      policy during that time. Two chapters cover events subsequent to DES
      Challenge I, while analysis and lessons learned are reviewed in forty-

      The density of errors in the early chapters is unfortunate, since it
      is not representative of the work as a whole, and yet it may lead
      readers to distrust the facts in the book. In reality, there are
      significant points to be made, not only in terms of cryptography and
      public policy, but also in regard to distributed computing itself.
      The book is certainly useful for those interested in the issue of
      brute force attacks against cryptographic systems, and is an engaging
      read for anyone into technology.

      copyright Robert M. Slade, 2005 BKBRTFRC.RVW 20050531

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      The gambling known as business looks with austere disfavor upon
      the business known as gambling. - Ambrose Bierce
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.