In 1996, the supposedly uncrackable US federal encryption system was broken. In this captivating and intriguing book, Matt Curtin charts the rise and fall of DES and chronicles the efforts of those who were determined to master it.
This book was very enlightening, I must say. Before I read it, whenever I heard the term 'brute force' with regard to computer stuff I always just wrote it off as an inelegant cudgel. The author illustrated to me just how wrong that assumption was in a little less than 300 pages. Between dealing with the US export controls on cryptography at the time, needing to coordinate a project between multiple incompatible operating systems and devices, careful and precise optimization of the coding, and the myriad issues of the growth of the internet in the 1990s, it is just amazing the dedication and effort that went into it all.
Perhaps some context is in order: the Data Encryption Standard (DES) was the 'official' standard in use in the United States starting in the late 70s and was used in everything from government work to banking. As you can imagine, security is a huge deal for something this important. Alarms had been raised about the risks of this protocol since the day it was implemented, thanks to NSA meddling at the time that led to the key being far smaller than the original proposed design from IBM called for. This came to a boil in the 90s with the so-called Crypto Wars, as privacy activists and many others decided to take matters into their own hands and prove the dangers inherent in a weak protocol, which is where the story here really takes place, in the DESCHALL project that the author was a part of.
So that's the basic history of the matter, and now for the book itself. The author starts with the early history of cryptography up to the end of World War 2. He then turns his attention to a German-born cryptographer named Horst Feistel and his forays into the field; he unwittingly ran headfirst into the NSA, who torpedoed his projects several times over until he joined IBM. There he became part of the 'Lucifer' project to develop a new cryptographic protocol which would be the basis of DES. The first alarms were raised by cryptographers Diffie and Hellman, but they were brushed off at the time and DES became the law of the land in 1977.
The story then fast forwards to the 90s when the internet started really taking off and enthusiasts took an active interest in matters like cryptography. Here the author discusses the activism and enthusiasm of the time to illustrate how important the subject is along with demonstrations of how such systems can be cracked wide open. This is where the bulk of the book takes place in the roots of the DESCHALL project and the author's involvement in it as a major developer. He describes the events from the founding of the community to when the DES message was finally broken utilizing a distributed computing network.
By his own admission, he organizes the subject matter by topic rather than chronologically. I'll admit that it did make for easier reading, though it would be somewhat annoying to have to sift through everything trying to piece together an overall timeline, but it's still doable. That is my one criticism of this book, but other than that I thought it was amazing; it was very informative but managed to still remain an engaging read and not just a dry academic text. I would highly recommend this book to anyone who is interested in the history of computers, the early internet, and cryptography.
In the mid-1990s, the United States government ratified a cryptography standard called DES, and stipulated that the secret key should only have a size of 56 bits. Security experts sounded the alarm: the key size is too small! To make this point, a small group called DESCHALL created a project to prove that a 56-bit key could be cracked by "brute force" alone.
To do this, a computer program was written to test different keys to decipher a secret message. By the definition of brute force, the program needed to test every possible 56-bit key. 56 bits can produce over 76 quadrillion keys (a 17-digit number). A developer in the DESCHALL group then made the program compatible with the Internet such that the program could run across 100s and even 1000s of computers. Each program then communicated with a central server to receive keys and report on their success.
At its height, over 1000 computers were testing about 4 billion keys every second. This book describes this coordinated effort. Author Matt Curtin describes the mailing list as the primary form of coordination. He also dives into the technical details of the program, which over the course of the project improved greatly. My favorite part was how various random organizations (schools, companies) and interested individuals coordinated and rallied to prove a point that they couldn't make on their own, but together they could.
The book is technical, but not overly technical. There are definitely geeky parts (mailing list issues, server issues) that appealed to me, but that a general reader could skip over. Matt's book is composed of many short sections, making it easy to digest. His book is a loving snapshot of the Internet in the mid-1990s, when browsers were just starting to appear on the scene. I appreciated the look back!
Today, DES is succeeded by AES, a standard that allows for much larger key lengths. Wherever you're reading these words, it got to you via security that DESCHALL helped pave the way for.