Armed with a custom-built computer worth less than $250,000, code breakers competing in an industry contest cracked a widely used method for scrambling sensitive electronic data in less than three days. Critics denounced the feat as irresponsible, saying it could help computer criminals.
The exercise carried a clear political message over limits that the Clinton administration has placed on use of the most powerful data-scrambling software, which can be used within the United States but not shipped overseas.The breakthrough, announced Friday, also alerted the financial industry, which uses encryption to protect records of credit-card transactions and bank transfers.
Kawika Daguio of the American Bankers Association said banks also use methods other than encryption for security and in some cases use a data-scrambling method that is exponentially more difficult to crack.
"This isn't devastating, but it's resulting in calls from CEOs . . . all over the country," Daguio said. "Literally, some people got woke up and had to explain where they were."
Two previous successes at unscrambling similar electronic messages took, respectively, five months and 39 days and used many thousands of computers working together across the Internet to test each of roughly 72 quadrillion possible unlocking combinations.
The breakthrough attempt tested 88 billion possible combinations every second for 56 hours until it unlocked a message that had been scrambled using a government-approved method, called the Data Encryption Standard.
"It makes it perfectly clear that somebody could be and could have been doing this for a number of years," said Whitfield Diffie, a crypto expert and scientist at Sun Microsystems Inc.
The contest to crack the message was sponsored by RSA Data Security Inc. of San Mateo, Calif., which has endorsed use of virtually unbreakable data-scrambling products stronger than 56 bits, meaning its unlocking key is a sequence of 56 1s and 0s.
"I'm fairly certain that foreign governments will have built similar machines to this, and they're using them to eavesdrop in on American communications," said Paul Kocher, president of Cryptography Research Inc. of San Francisco, which helped build the code-breaking computer.
Gene Kathol, chairman of the group that develops banking standards for electronic transactions, said it would be difficult for thieves to use the code-breaking technology to steal money.