REVIEW: "Brute Force", Matt Curtin

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jun 16, 2005.

    BKBRTFRC.RVW 20050531

    "Brute Force", Matt Curtin, 2005, 0-387-20109-2, U$25.00/C$33.50
    %A Matt Curtin
    %C 233 Spring St., New York, NY 10013
    %D 2005
    %G 0-387-20109-2
    %I Copernicus/Springer-Verlag
    %O U$25.00/C$33.50 800-842-3636, 212-460-1500, fax: +1-212-254-9499
    %O Audience i+ Tech 2 Writing 3 (see revfaq.htm for explanation)
    %P 291 p.
    %T "Brute Force: Cracking the Data Encryption Standard"

    As the subtitle states, this is the story of the assessment of the
    strength (and weakness) of the Data Encryption Standard, particularly
    as computer power increased over time. Specifically, it is the tale
    of the formation and development of the DESCHALL operation, one of the
    forerunners of It is not just a story, though:
    Curtin tells the tale from a specific social and political
    perspective. An indication of this position is given in the foreword,
    where John Gilmore reiterates the somewhat questionable assertion that
    DES was "deliberately ... flawed." Although this work does not
    address more technical aspects of cryptography, using hyperbolic
    arguments such as this may weaken the overall case of the book in
    regard to cryptographic censorship.

    There are forty-one very short chapters to the book, the first
    describing the particular machine that found the key for the first
    DESCHALL distributed cracking attempt. A brief history and background
    for cryptography is given in chapter two.

    Chapter three outlines the process of transforming Lucifer into DES.
    However, there are numerous errors in the account. Some are minor.
    (The Data Encryption Standard and the Data Encryption Algorithm are
    not equivalent: the algorithm is the engine, while the standard
    includes additional functions for real world operations.) Other
    problems include issues such as the fact that the modification of
    S-boxes (the substitution function, which the book refers to as
    permutation) is mentioned, while that of the P-boxes (permutation) is
    not. Most references state that the Lucifer version finally submitted
    for DES was 70 bit, rather than 112 bit. It is quite misleading to
    say that a 112 bit key is "fifty-six times" as strong as a 56 bit key.
    The Diffie-Hellman objections to the 56 bit key length are not given
    in detail, which makes the arguments hard to assess. Not all the
    dates are given, which sometimes creates difficulty in following the
    thread. (In response to a first draft of this review, Curtin has
    noted that he has collected a fairly extensive errata for the book,
    and hopes to correct the issues in a second edition.)

    Chapter four is a rather mixed bag: despite the "Key Length" title, it
    touches on various algorithms, cryptanalytic concepts, and other
    topics. (There is a seeming confusion of the Vernam cipher with a
    one-time pad, and triple DES is generally considered to have an
    effective 112 or 113 bit key, rather than 168, due to the meet-in-the-
    middle attack.) The author's personal involvement with cryptology,
    and analysis of the feasibility of cracking cryptosystems, is outlined
    in chapters five through eight, culminating in a review of the
    possibilities of distributed computing. The technical, social, and
    political factors involved in creating and operating the DESCHALL team
    are discussed in chapters nine to thirty-eight. (It is odd that
    explanations of IP addresses almost always use the non-routable
    192.168.x.x range. Specific IP addresses have a depressing tendency
    to change, and so non-routable addresses are often used in explanations,
    but it seems particularly inappropriate when the subject deals with
    identification and location of machines.) The material is
    fascinating, instructive, and even exciting at times. Interspersed
    are mentions of legislative debates and hearings into cryptographic
    policy during that time. Two chapters cover events subsequent to DES
    Challenge I, while analysis and lessons learned are reviewed in forty-

    The density of errors in the early chapters is unfortunate, since it
    is not representative of the work as a whole, and yet it may lead
    readers to distrust the facts in the book. In reality, there are
    significant points to be made, not only in terms of cryptography and
    public policy, but also in regard to distributed computing itself.
    The book is certainly useful for those interested in the issue of
    brute force attacks against cryptographic systems, and is an engaging
    read for anyone into technology.

    copyright Robert M. Slade, 2005 BKBRTFRC.RVW 20050531

    Rob Slade, doting grandpa of Ryan and Trevor, Jun 16, 2005
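
Worked example, added by the editor and not part of Slade's review or of Curtin's book, of the meet-in-the-middle attack the review refers to when it says triple DES has an effective 112 or 113 bit key rather than 168. Everything in it is constructed: a 16-bit toy cipher with 12-bit keys (not DES, and of no security value) chosen so that both halves of the key space can be enumerated in a moment, plus invented keys and known plaintexts. Two independent keys give a nominal 24-bit key, so naive exhaustive search costs 2^24 trial operations, while the attack recovers both keys with roughly 2 * 2^12 cipher operations and a lookup table. The same argument applied to DES is what reduces double DES to about 2^57 work and three-key triple DES to about 2^112, which is the point the review is making.

```python
"""Meet-in-the-middle against double encryption, on a constructed toy cipher.

The cipher is invented for this example: 16-bit block, 12-bit key, four
add/rotate/xor rounds.  It is not DES and has no security value; its only job
is to make both halves of the key space small enough to enumerate.
"""

MASK16 = 0xFFFF
KEY_BITS = 12
KEY_SPACE = 1 << KEY_BITS
# Constructed per-round constants for the toy key schedule.
ROUND_CONSTANTS = (0x3C6E, 0xF1A9, 0x5B23, 0x9D8F)


def _round_keys(key):
    # Spread the 12 key bits over 16 and xor a round constant.  Bits 4..15 of
    # the spread word are the key itself, so distinct keys never collide here.
    spread = ((key << 4) | (key >> 8)) & MASK16
    return [spread ^ c for c in ROUND_CONSTANTS]


def _rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK16


def _rotr16(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK16


def toy_encrypt(key, block):
    """Four invertible rounds: add round key, rotate left 5, xor round key."""
    x = block & MASK16
    for rk in _round_keys(key):
        x = (x + rk) & MASK16
        x = _rotl16(x, 5)
        x ^= rk
    return x


def toy_decrypt(key, block):
    """Exact inverse of toy_encrypt: undo each round in reverse order."""
    x = block & MASK16
    for rk in reversed(_round_keys(key)):
        x ^= rk
        x = _rotr16(x, 5)
        x = (x - rk) & MASK16
    return x


def double_encrypt(k1, k2, block):
    """Two independent 12-bit keys: nominally a 24-bit key."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def exhaustive_work():
    """Trial operations a naive brute force of the whole 24-bit key pair needs."""
    return KEY_SPACE * KEY_SPACE


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Returns ((k1, k2), ops), where ops counts single-cipher operations in the
    two enumeration halves.  Confirming candidates on the extra pairs is not
    counted; it is a few hundred operations at most.
    """
    p0, c0 = pairs[0]
    ops = 0
    # Forward half: encrypt p0 under every k1 and index the middle value.
    forward = {}
    for k1 in range(KEY_SPACE):
        forward.setdefault(toy_encrypt(k1, p0), []).append(k1)
        ops += 1
    # Backward half: decrypt c0 under every k2 and look for a meeting point.
    for k2 in range(KEY_SPACE):
        middle = toy_decrypt(k2, c0)
        ops += 1
        for k1 in forward.get(middle, ()):
            # One pair leaves about 2^(24-16) = 256 false meetings, so the
            # remaining known pairs are used to confirm a candidate.
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                return (k1, k2), ops
    return None, ops


if __name__ == "__main__":
    true_k1, true_k2 = 0x3A7, 0xC15  # constructed secret keys
    plaintexts = (0x1234, 0xBEEF, 0x0042, 0xCAFE)  # constructed known plaintexts
    known = [(p, double_encrypt(true_k1, true_k2, p)) for p in plaintexts]
    found, ops = meet_in_the_middle(known)
    print("recovered keys:", found and tuple(hex(k) for k in found))
    print("meet-in-the-middle operations:", ops)
    print("exhaustive search operations:", exhaustive_work())
```

The backward loop stops as soon as a candidate survives the confirmation pairs, so the reported operation count lands between 2^12 and 2^13 rather than exactly 2^13; the memory for the forward table (2^12 entries here, 2^56 for DES) is the price paid for the time saving, which is why the attack is usually quoted as a time/memory trade-off rather than a free win.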