Xbox Private Key Distributed Computing Project 579
aeiz writes "The Neo Project has added "The Xbox Public Key Challenge" to it's distributed computing client. The aim is to compute the 2048 bit private key that Microsoft uses to sign Xbox media. If it is a success, modchips wouldn't be necessary. Now many Xbox hacking and scene sites have started groups in order to compete with one another." gee, only 2048 bits? No problem *cough cough*.
Relating.. (Score:5, Insightful)
Thank you.
sounds illegal to me (Score:1, Insightful)
Slashdot is guilty here too. Guilty of Bad journalism! Advocating illegal activity is pretty unprofessional.
Gee... (Score:5, Insightful)
2. This so that you can feel good subverting an X-Box by making it run Linux
3. By that time the hardware would be definitely obsolete, or X-Box 2 would be out with programs signed with a different key
4. And in any case, buying the X-Box already helps Microsoft. The more units sold, the more games developed.
5. There are tons of other worthwhile distributed computing projects to do out there - Folding@Home [stanford.edu], SETI@Home [berkeley.edu], Mersenne Prime Search [mersenne.org] etc.
Grow up folks! Running Linux on a hacked X-Box is cool, yes, but this might be going too far...
Re:But... (Score:5, Insightful)
It's a good idea to read the DMCA (http://www4.law.cornell.edu/uscode/17/1201.html)
Re:But... (Score:5, Insightful)
The private key isn't a mechanism? Isn't that the essence of DeCSS?
I think certainly distribution of the actual private key would violate the DMCA. But does distribution of keys which are not the private key qualify? I doubt it.
Re:How to Compute Key Cracking? (Score:1, Insightful)
(key == 0x1d92bc01)
2^32/2 tries? You say "If you just try all possible keys", but what if we don't and we exploit the structure of the problem instead?
Re:Gee... (Score:1, Insightful)
Re:How is this thing done anyhow? (Score:5, Insightful)
You'd run into copyright infringement issues - the signed code would be property of the copyright owner, and redistributing it would almost definitely be illegal. No need to take chances; I'm sure Microsoft's IP lawyers are looking for any excuse they can to take this project down.
Re:How will they know when they crack it? (Score:2, Insightful)
Re:But... (Score:2, Insightful)
Re:How to Compute Key Cracking? (Score:2, Insightful)
Re:Gee... (Score:3, Insightful)
Re:Gee... (Score:2, Insightful)
It's pretty obvious that the majority of the crowd here are nothing but Linux fanboys blind to reality. They pretend to be great legal minds, wonderful security experts and fantastic coders all because of a niche OS. The real world is quite different than the one portrayed by Stallhead and that bunch of leftover hippies.
It's time to wake up and realize Microsoft and the DMCA are not the antichrist, and no one cares if Microsoft is losing money on each Xbox sold. That is a meaningless statement to the people who live in the real world. We (those who live in the real world) enjoy playing games on every console, the manufacturer does not matter one bit. Just keep the narrow pinpoint focus and watch where it takes you - right into a pit. And before anyone starts calling me a Microsoft stooge or something like that, I own all 3 consoles and enjoy each one because I don't care who makes them.
Never happen (Score:3, Insightful)
If the encryption on the xbox is not broken (and it might be...) you will NEVER crack a 2048 bit key. If it took d.net 4 years to do a 64 bit key I argue that it will take 2^(2048/64) or 4 BILLION times as long to do the 2048 bit key.
Find another path, this one won't work.
Re:Consider this possibility... (Score:3, Insightful)
If step 1 were accomplished by a leak from the inside, it would be a criminal trade secret violation: at least the leaker would go to jail if caught, and possibly any outsiders who were found to have "conspired" with the leaker. But you propose to do this and then try to cover the tracks. Well, let's see ...
Direct cracking of the key is hopeless, and your notion that it might be found by "sheer luck" is hopeless as well. Finding one key out of 2**2048 possibilities is not going to happen by sheer luck. After all, if you have one billion people working on the problem in parallel, and each person can try a billion keys per second, it will still take you 1e591 years to try all keys, and the expected time to find the key will be the time to try half the keys.
Sure, it's theoretically possible; it's also theoretically possible to suffocate because all the oxygen molecules randomly happen to find themselves on the other side of your room! (though the odds of this happening is a far bigger number).
Making a claim in court that you found the key in this way, if you didn't, will easily be discovered, and then you add perjury to criminal trade secret violation, plus conspiracy. Prepare to be in jail for a long time. And for what? So you can run Linux on an Xbox? Who the hell cares?
Lets try a little calculation... (Score:5, Insightful)
The keyspace is 2^2048. This means that to find it on average in one year, we need to search (2^2048)/2 keys.
There are 365 * 24 * 60 * 60 = 31536000 seconds in a year. A current machine, say 2 GHz, will not be able to check keys any faster than 2 billion per second (in practice the number would be much lower than this, but it cannot be any higher, ignoring chips which can parallelise operations). This means we can check 63072000000000000 keys per machine per second.
This means we need:
( (2048^2)/2 divided by 63072000000000000 ) machines to participate.
That's:
25619138501483231307644340348070421074
536045058749470424288206517
242390857959540549852794245
788307622972306591036879771
555215196986044143194475602
237823719925815402062766832
742821393465861224879124664
631953178327398239073428324
171673195729764659671523380
That's a lot of machines. In fact, every person in the world would need to have:
408818288091685305913758191399560859893800
003998376109373765758136618
074952085782319420248781372
917102669618547672588166152
008706652644606806303666902
892981235565930906683499598
519114104392953160204053596
115413517917473248413544519
032527313815387159252508549
machines.
Good luck
Re:Relating.. (Score:3, Insightful)
Re:Relating.. (Score:5, Insightful)
The RC5-64 project was able to brute force a key in 1757 days using 58,747,597,657 work units tested the winning key was found!
1,757 days is nearly 5 years, meaning that the project would have had to have started five years ago in order to have already been finished. My memory of where, exactly, computers were in 1997-1998 (depending on when the project finished, I'm not sure) is a little fuzzy, but I remember that in mid-1999, a 700mhz Pentium 3 was considered "high end" and the average Dell/Gateway type of computer was running a low-end processor like a Cyrix at roughly 200-300mhz. By comparison, it isn't out of the ordinary to find a 1.6-2ghz processor in a consumer PC right now and the sort of geeks that would make up a decent portion of this project probably have much faster processors than that and a lot more RAM. In addition to that, if Moore's Law were to hold, processors would be improving by at least 2ghz per year from now on instead of the 500-700mhz that they were in 1999.
So really, doesn't the RC5-64 project essentially just show us the length of the race track without giving us any data about the speed of the cars that will be driving on it?
The point really isn't to crack the key... (Score:4, Insightful)
The point is thus: to resist technologies that limit what consumers can do with what they legally own.
Microsoft is a very visible example of an entity trying to tell consumers "you may not do this or that with what you have purchased." In no other industry (save the closely related entertainment industry in this case) do there exist similar shenanigan. If I purchase a computer, I should be damn well permitted to run any type of software on that computer I see fit. The XBox, amongst consoles, is the closest device to a personal computer you can get. And yet, the manufacturer is trying to make it impossible for you to use it how you see fit.
This project is a protest of such consumer-unfriendly tactics. They will never crack the key, but they are still trying and Microsoft as well as many others will be well aware that they are trying. This is resistance. Microsoft, we will put forth the same effort against DRM technologies like Palladium. We'll never stop.
Of course, we could all just not buy XBoxes, Windows, Office, and switch to unencumbered/open technologies, but... I digress.
Re:He's not using Linux, I guess... (Score:3, Insightful)
My calculator has one of those buttons... it's an Hewlett-Packard 11C, and the button is labelled "LOG".