
REVIEW: "Brute Force", Matt Curtin

Rob Slade, doting grandpa of Ryan and Trevor

"Brute Force", Matt Curtin, 2005, 0-387-20109-2, U$25.00/C$33.50
%A Matt Curtin
%C 233 Spring St., New York, NY 10013
%D 2005
%G 0-387-20109-2
%I Copernicus/Springer-Verlag
%O U$25.00/C$33.50 800-842-3636, 212-460-1500, fax: +1-212-254-9499
%O Audience i+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P 291 p.
%T "Brute Force: Cracking the Data Encryption Standard"

As the subtitle states, this is the story of the assessment of the
strength (and weakness) of the Data Encryption Standard, particularly
as computer power increased over time. Specifically, it is the tale
of the formation and development of the DESCHALL operation, one of the
forerunners of It is not just a story, though:
Curtin tells the tale from a specific social and political
perspective. An indication of this position is given in the foreword,
where John Gilmore reiterates the somewhat questionable assertion that
DES was "deliberately ... flawed." Although this work does not
address more technical aspects of cryptography, using hyperbolic
arguments such as this may weaken the overall case of the book in
regard to cryptographic censorship.

There are forty-one very short chapters to the book, the first
describing the particular machine that found the key for the first
DESCHALL distributed cracking attempt. A brief history and background
for cryptography is given in chapter two.

Chapter three outlines the process of transforming Lucifer into DES.
However, there are numerous errors in the account. Some are minor.
(The Data Encryption Standard and the Data Encryption Algorithm are
not equivalent: the algorithm is the engine, while the standard
includes additional functions for real world operations.) Other
problems include issues such as the fact that the modification of
S-boxes (the substitution function, which the book refers to as
permutation) is mentioned, while that of the P-boxes (permutation) is
not. Most references state that the Lucifer version finally submitted
for DES was 70 bit, rather than 112 bit. It is quite misleading to
say that a 112 bit key is "fifty-six times" as strong as a 56 bit key.
The Diffie-Hellman objections to the 56 bit key length are not given
in detail, which makes the arguments hard to assess. Not all the
dates are given, which sometimes creates difficulty in following the
thread. (In response to a first draft of this review, Curtin has
noted that he has collected a fairly extensive errata for the book,
and hopes to correct the issues in a second edition.)

Chapter four is a rather mixed bag: despite the "Key Length" title, it
touches on various algorithms, cryptanalytic concepts, and other
topics. (There is a seeming confusion of the Vernam cipher with a
one-time pad, and triple DES is generally considered to have an
effective 112 or 113 bit key, rather than 168, due to the meet-in-the-
middle attack.) The author's personal involvement with cryptology,
and analysis of the feasibility of cracking cryptosystems, is outlined
in chapters five through eight, culminating in a review of the
possibilities of distributed computing. The technical, social, and
political factors involved in creating and operating the DESCHALL team
are discussed in chapters nine to thirty-eight. (It is odd that
explanations of IP addresses almost always use the non-routable
192.168.x.x range. Specific IP addresses have a depressing tendency
to change, and so non-routable addresses are often used in explanations,
but it seems particularly inappropriate when the subject deals with
identification and location of machines.) The material is
fascinating, instructive, and even exciting at times. Interspersed
are mentions of legislative debates and hearings into cryptographic
policy during that time. Two chapters cover events subsequent to DES
Challenge I, while analysis and lessons learned are reviewed in forty-

The density of errors in the early chapters is unfortunate, since it
is not representative of the work as a whole, and yet it may lead
readers to distrust the facts in the book. In reality, there are
significant points to be made, not only in terms of cryptography and
public policy, but also in regard to distributed computing itself.
The book is certainly useful for those interested in the issue of
brute force attacks against cryptographic systems, and is an engaging
read for anyone into technology.

copyright Robert M. Slade, 2005 BKBRTFRC.RVW 20050531
