Hacker News
The Internet's first general-purpose distributed computing project (distributed.net)
66 points by bhaile 47 days ago | 8 comments

We shall remember distributed.net: it was the first large-scale distributed computing project, and simultaneously, it was a major "armed force" which led us to the victory of the first Crypto War for the security and privacy of all.

In the first Crypto War around the mid-90s, the U.S. Government initially repeatedly denied the insecurity of the DES algorithm and refused to replace it with a new standard, and falsely claimed that data encrypted by DES was a threat to national security. This stance was not only a denial of privacy, but also a threat to enterprise infosec and e-Commerce. RSA Security, Inc., responded by launching the DES cracking challenge to demonstrate its insecurity.

The first challenge was completed by DESCHALL Project, a university project, but it mobilized thousands of volunteers and managed to brute-force the 56-bit keyspace in 96 days. The distributed computing setup was an ad-hoc one, and people realized that an infrastructure was needed for more efficient coordination, and it motivated the creation of distributed.net.

The second challenge was completed by distributed.net in 39 days. Here are parts of the original announcement.

> The correct key, 76 9E 8C D9 F2 2F 5D EA, revealed the words which we've been anticipating these past 39 days:

> "The secret message is: Many hands make light work."

> (If you ask me, this is a nice nod in our direction. Thanks, RSA Labs!)

> In addition to proving that 56-bit DES is no longer sufficient for protecting valuable information, we've now also proved that blind luck need not be a factor in brute-force decryption attacks.

> Prospective: If Keys were dollars, we could pay off the U.S. National Debt in 6.25 minutes. If Keys were pennies, we could buy 536249385 Mazda Miatas each day. If Keys were pennies, we could buy 256728249 Jeep Cherokees each day! If you printed a single page to represent each key block as it was checked and placed those pages in a stack, it would grow 12.83 inches taller every minute. If blocks were liters of Dr. Pepper, we could produce 6381493 six-packs each day. If Key Blocks were cheeseburgers, fries, and a large Dr. Pepper, we could feed the entire city of Toronto, Ontario lunch each day.

Even after DES had been demonstrated to be crackable twice in a row, the FBI was still denying its insecurity and denying that the NSA was capable of breaking it.

> "If we hooked together thousands of computers and worked together for months we might, as was recently demonstrated, decrypt one message bit," FBI director Louis Freeh told Congress. "That is not going to make a difference in a kidnapping case. It is not going to make a difference in a national security case. We don't have the technology or the brute force capability to get to this information."

And finally it was the story we all knew.

The EFF funded the building of the DES cracker, and collaborated with distributed.net to crack DES again in 22 hours and 15 minutes, on January 19, 1999. The U.S. Government was forced to stop using 56-bit encryption as the public encryption standard, and forced to authorize the NIST to start the AES competition. The age of modern cryptography has come.

What a great story. Unfortunately, it's really sad that in the past few years, the RSA was complicit in pushing backdoored algorithms, i.e. Dual EC DRBG, and even setting it as the default RNG that rendered the entire cryptosystem crackable to the NSA.

There is no reason to trust RSA whatsoever today. In fact, they should be actively distrusted. See https://en.wikipedia.org/wiki/Dual_EC_DRBG

The way I see it is that RSA Security, Inc. funded the DES cracking challenge primarily because secure e-Commerce was crucial to business interests, and it happened to be aligned with civil liberties and privacy issues, but the latter was not their motivation. They are not a charity; it's just business. So it won't be a surprise to me that RSA introduced Dual_EC_DRBG in the latter days.

A faceless corporation is not something we put trust in, although sometimes we can have some cooperation if we share common interests. RSA Security, Inc. should still be remembered for its role in removing DES and introducing Dual_EC_DRBG.

Have details come out yet of what precise capability NSA/FBI had to crack DES at the time? It would make an interesting comparison.

I read on HN (IIRC) recently someone speculating that Five Eyes agencies were 10 years ahead of general capabilities (the subject was quantum computing).

BOINC[1] still alive, not sure how relevant though.

[1] https://boinc.berkeley.edu/

SETI@Home was launched in 1999, BOINC was launched in 2002. I suspect distributed.net was an inspiration to both. And interestingly, GIMPS started searching Mersenne Primes in 1997, around the same time when the first DES challenge was active.

I think Plan 9 predates this by a good bit.


Plan 9 was a different kind of distributed that doesn't apply here. If we used that kind of definition, then JES3 (a spiritual great-great-granddaddy of Kubernetes) would be the first.
