DESCHALL, short for DES Challenge, was the first group to publicly break a message which used the Data Encryption Standard (DES), becoming the $10,000 winner of the first of the set of DES Challenges proposed by RSA Security in 1997. It was established by a group of computer scientists led by Rocke Verser assisted by Justin Dolske and Matt Curtin and involved thousands of volunteers who ran software in the background on their own machines, connected by the Internet. They announced their success on June 18, only 96 days after the challenge was announced on January 28.
To search the 72 quadrillion possible keys of a 56-bit DES key using conventional computers was considered impractical even in the 1990s. Rocke Verser already had an efficient algorithm that ran on a standard PC and had the idea of involving the spare time on hundreds of other such machines that were connected to the internet. So they set up a server on a 486-based PS/2 PC with 56MB of memory and announced the project via Usenet towards the end of March. Client software was rapidly written for a large variety of home machines and eventually some more powerful 64 bit systems.
There were two other main contenders: SoINET (a Swedish group), and a group at Silicon Graphics, a manufacturer of high-performance computers, which was in the lead until late in the day. Other groups using supercomputers withdrew after SYN flood attacks on their networks.
With the software that was used, a single 200 MHz Pentium system was able to test approximately 1 million keys/second if it was doing nothing else. At this rate it would take around 2,285 years to search the entire key-space. The number of computers being used rose rapidly and in the end, a total of 78,000 different IP addresses had been recorded, with a maximum of 14,000 unique hosts in a 24 hour period. By the time the key was found, they had searched about a quarter of the key-space and were searching about 7 billion keys per second, but the number of participants was still increasing rapidly.
The owner of the computer that found the solution was awarded $4,000 of the prize, with the rest going to the originator of the project.
The conclusion of the paper describing the project was "We have demonstrated that a brute-force search of DES keyspace is not only possible, but is also becoming practical for even modestly funded groups. RSA's prize for the find was US$10,000; it is safe to say that DES is inadequate for protecting data of any greater value."
- Matt Curtin (2005). Brute Force. Springer-Verlag, New York.