A brute force attack on DES has been proven to be within reach of corporations and organised crime since the EFF created the Descracker machine in 1998. In this talk we aim to show just how high up the brute force ladder a single individual, of modest means, can climb.
We first discuss the capabilities and scope of brute force attacks in general, and examine the history of brute force attacks on DES. We then show how, in certain circumstances, a "birthday attack" can be used to dramatically reduce the cost of a brute force attack.
We describe the architecture of a special cracking engine - a pipelined implementation of DES in an FPGA, which compares its outputs against a hash-table in an external RAM. This design puts a new point on the brute force cost versus time graph, bringing birthday attacks on DES within the price range of individuals, and only taking a matter of hours.
The principle behind the attack extends beyond DES to include flawed implementations of triple DES, and other scenarios where keys can be attacked in parallel.