by Rik Farrow
<[email protected]>

Rik Farrow provides UNIX and Internet security consulting and training. He is the author of UNIX System Security and System Administrator's Guide to System V.


We live in a rapidly changing environment. Just yesterday, I was watching little puffs of white cloud soar up into the sky above the Mogollon Rim. As these clouds moved higher, they left a smaller, mushroom-like stem below them. Once aloft, they continued to expand, turning from brilliant white to a threatening gray. Within 90 minutes of their first appearance in a cloudless blue sky, thunder was rumbling. The band of young thunderstorms rolled toward the southwest, now visible only on radar (courtesy of Internet weather sites).

Our work environment is changing rapidly as well. When I began writing my UNIX system administration book in 1985, networking was rare, and certainly not the norm. Today, it is rare to find a computer in an organization that is not connected to a network. And organizations themselves are connected by networks, both public and private.

Banks have relied on private networks for years, using encryption to add to the privacy of the data exchanged. The algorithm used, DES, was deemed both secure and safe. Recent collaborative projects using the Internet had shown that "brute forcing" a 56 bit DES key takes weeks of effort involving as many as 14,000 computers. An article about the first DES challenge appeared in the Security special issue of ;login: (May 1998). A second challenge, completed in February of this year, was testing possible keys at a peak rate of 34 billion per second.

Brute Force

The term "brute force," when applied to encryption, means to search the key space, trying each key, until the correct key is found (more on that later). The key space doubles each time another bit is added to the key length. A 16-bit key has a key space of 65536 keys, 17-bits 131072 keys, 18-bits 262144 keys, and so on. There are 72,057,594,037, 927,936 potential 56-bit keys, and trying each of them can take a long time.

It is the length of time spent trying possible keys that provides most of the protection of DES encryption. In early 1997, cracking a 40-bit (RC5) key took only 3.5 hours. The first successful DES challenge <http://www.frii.com/~rcv/deschall.htm> took over four months to search 18 quadrillion keys (almost exactly one quarter of the key space). On the average, a brute force approach will discover the correct key after searching 50% of the key space. In other words, it might have taken as little as several seconds, or as much as 16 months, to discover the correct key during the first DES challenge.

Although the point of the challenge was to underscore the weakness of DES, members of the Department of Justice and Louis Freeh, the Director of the FBI, used the challenge to promote the strength of DES (see <http://jya.com/hir-hear.htm> for a censored version of Freeh's testimony). The US government has opposed the unencumbered use of encryption and its free export under grounds that such availability would aid the "four horsemen": terrorists, drug traffickers, child pornographers, and mobsters. Others have argued that restraint of encryption technology amounts to a denial of the right to free speech. So far, the government has yet to prove the strong encryption has significantly impacted any investigation.

Old Sun Hardware

While the government restricts free trade under the guise of potential criminal investigations, the "others" have not been idle. The Electronic Freedom Frontier <www.eff.org> sponsored a project to develop hardware to crack DES in less than a week, which succeeded in cracking a DES key in only 56 hours (again after a search of approximately 25% of the key space).

Arguing against the government's position, many crypto experts have pointed out that the way to brute force DES is not by ganging many general-purpose computers together, but by building specialized hardware. The government certainly has the means to design and build DES crackers, and the EFF showed that, for a cost of $220,000 and some donated programming time (about two weeks), they could do it too.

The body of the "device" is an old Sun 4/470 chassis, a cabinet about the size of a two-drawer file cabinet containing 12VME bus slots. I remember these partially for their size, but mainly for their banks of noisy fans. Each VMEbus board contains 64 custom ASICs (Application Specific ICs), and each ASIC contains 24 "search units." The EFF group used two chassis, for a total of 24 boards, 1,536 search devices, and a PC to handle control and for checking potentially correct keys.

One of the issues in cracking cryptotext is, how do you know when you have found the correct key? Although the EFF device can handle other attacks, the specific challenge involved a known plaintext attack, that is, that a portion of the plaintext is known. Each search device decrypts eight bytes of cryptotext with the candidate key, and sees if the decrypted result matches the known plaintext. To imagine how this might work in general, if the message is known to be ASCII, the known text will contain only alphanumerics and punctuation, a set of about 56 out of 256 different bytes.

You can learn how to build your own DES cracking device (for only $130,000, as you will not have to design your own ASICs) by reading a new O'Reilly & Associates book, named appropriately, Cracking DES, Secrets of Encryption Research, Wiretap Politics, and Chip Design, and written by John Gilmore and Paul Kocher. You can also view this book online (which will save you having to edit OCR scans of the source code) at <http://www.replay.com/cracking_des/toc.html>.

While building your own DES cracker may not be how you plan on spending your next paycheck, the EFF has pointed out just how easy it can be to recover data encrypted with DES. In earlier work by Michael Wiener of Bell Northern Research in 1993, on paper, a design of a DES cracker would be able to brute force DES keys using a $1 million machine in less than four hours.

Today, our governments probably use such machines to monitor fund transfers, especially international ones. One of the implications of using stronger encryption (longer keys) is that it will become much harder for governments to track the flow of money, which will affect money launderers, as well as the very rich (who might be inclined to avoid taxes by using offshore havens). As far as worrying about having your credit card stolen by some local hackers who have sniffed DES-encrypted transactions is concerned, well, I think they will think of better ways to spend the $130,000.

The Answer

Attacks involving captured communications still occur daily. Although the heyday of password sniffing was in 1994 (when all of the big ISPs had problems), password sniffing still goes on today. Although an ISP is the best place to locate a password sniffer (you can see lots of interesting traffic, as well as passwords which you know will work through a firewall), internal networks are vulnerable as well. The 10pht's-password cracking tool is designed so that it can guess passwords based on the challenge-response pairs sniffable from networks of NT systems <http://www.10pht.com/10phtcrack/download.html>.

One answer would be to encrypt all communications between systems. This solution would please CPU vendors, whose chips have become so fast that they need more work to do (encrypting data would fit the bill). More importantly, encryption would really do a lot to improve network security.

Security Architecture for Internet Protocol, better known as IPSEC, will someday make encryption commonplace. IPSEC already exists (the RFCs date back several years), and there are working implementations of it. One problem with IPSEC (besides government roadblocks to better encryption) is the lack of a working PKI (Public Key Infrastructure). Today, getting IPSEC to work relies on two factors ­ choosing products which interoperate and manually managing keys.

Although many vendors boast of being IPSEC compliant, most vendors' products will not work with other vendors' products. When products comply with a standard, it should imply interoperability as well. One of the main areas of incompatibility has to do with key management. If there were a single PKI, as well as a popular implementation, then vendors would be forced to comply or be left stranded with their private standard.

We might be getting some help from an unlikely source. NT 5 includes IPSEC support and also includes Kerberos and support for certificates services. At the same time, MIT, as well as large financial firms, are pressuring Microsoft to make both their Kerberos and IPSEC implementation interfaces public, and therefore (at least hopefully) interoperable. It might still take years, but we may "soon" see desktop-to-desktop and desktop-to-server encryption as NT 5 installations become common (that's why I said years).

I heard about this while at the LISA-NT conference in Seattle this August. As usual, the first week in August is warm and dry there, but don't tell anybody. Microsoft announced that NT 5 was now some 35 million lines of source (double the size of NT 4). They also announced innovations, such as drive mirroring and RAID, as if they were newly discovered. Many attendees marveled at this. Someone asked if it was possible to script the mirroring interface (for unattended backups and such); the answer, alas, was a qualified no.

Microsoft also announced a UNIX compatibility toolkit, based on MKS-UNIX tools for Windows. The toolkit includes MKS's version of the Korn shell, which prompted a gray-haired man, wearing a T-shirt with his own name on it, to stand up and approach a microphone. This person began to explain to the Microsofties that the MKS Korn shell was not compliant with even half the specifications in the two books published so people can write compliant Korn shells. The Microsoft engineer attempted to argue that their Korn shell was compliant, until someone pointed out that the man he was facing was Dave Korn.

UNIX Forever?

Many strange things have happened in my life. One that had powerful effects on me was the success of UNIX, changing my life in many ways. Instead of becoming an MSDOS or Windows mechanic, I chose to work with UNIX, which has enriched me in many ways. But there were strange side effects, as UNIX became more common.

For several years, I consulted for UNIX World magazine, acting as its technical editor. As UNIX became more mainstream, the magazine found itself in trouble. The traditional "sponsors" of the magazine had stopped buying big ads and were instead placing ads in Business Week and Time. UNIX was no longer a niche market, and the niche magazines suffered. So did the big UNIX shows, with UNIX Expo folding first, and UniForum just last year. Note, however, that UNIX Review survived through evolving.

The rise of NT has been important for UNIX as well. NT has helped push UNIX into mission-critical servers. As a side effect, I have found that my UNIX security courses are more in demand than ever before. Thank you, Microsoft.

The world is a strange and quickly changing place. Today, the scuds that boiled up from the Mogollon Rim have failed to produce thunderstorms, but instead have dotted the sky with fluffy white clouds. It is difficult to see very far into the future, so I will check the radar for the Southwest, and see if there aren't storm clouds hidden behind those distant peaks.