1994-12-13 - Re: Time to exhaustively break 40-bit RC4?

Header Data

From: "Ian Farquhar" <ianf@sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: 05b2a5317193035d1495f2a3402fd91d8e88ffc6cd9f86c897b29dfc73b10a5e
Message ID: <9412131211.ZM13506@wiley.sydney.sgi.com>
Reply To: <9412130031.AA11399@snark.imsi.com>
UTC Datetime: 1994-12-13 01:16:20 UTC
Raw Date: Mon, 12 Dec 94 17:16:20 PST

Raw message

From: "Ian Farquhar" <ianf@sydney.sgi.com>
Date: Mon, 12 Dec 94 17:16:20 PST
To: cypherpunks@toad.com
Subject: Re: Time to exhaustively break 40-bit RC4?
In-Reply-To: <9412130031.AA11399@snark.imsi.com>
Message-ID: <9412131211.ZM13506@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Dec 12,  7:31pm, Perry E. Metzger wrote:
> ...it's a question of deriding the security of any system that takes so
> little time to crack, and that's assuming there are no better attacks
> than brute force (yet to be determined). With optimization, you can do
> even better than that. With a little bit of hardware (not very much)
> you can crack open a 40 bit keyspace with the effort normally reserved
> for opening your bathroom door in the morning.

Actually, it's a bit more than a "little bit of hardware".  One of the
interesting realisations of pondering VLSI crackers was how much chip
real-estate storing 2048 bits of largely static internal state required,
disregarding the size of a 2048 bit bus (remember "transistors are cheap,
wires are expensive".)   All transfers would have to be multi-cycle
operations, which adds complexity due to the need to time and synchronise
these transfers.

It's by no means impossible, but the design of such a device is
certainly not a trivial exercise in engineering, and I would never call
the result a "little piece of hardware".

							Ian.
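
Added example, not part of the original message: a minimal RC4 in C that makes the state cost discussed above concrete. The 2048 bits are the 256-entry, 8-bit S-box, which the key schedule rebuilds in full for every key tried and which then changes by only two bytes per output byte. It assumes the standard RC4 algorithm; the names rc4_ctx, rc4_init, rc4_byte and rc4_state_bits, the writes counter and the sample key are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RC4_STATE_BYTES 256 /* S-box: 256 entries x 8 bits = 2048 bits */

typedef struct {
    uint8_t s[RC4_STATE_BYTES];
    uint8_t i, j;
    unsigned long writes; /* S-box byte writes; accounting only, not part of RC4 */
} rc4_ctx;

/* Key schedule: every one of the 256 entries is written and then swapped,
 * so a search engine repeats all of this work once per candidate key. */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    c->writes = 0;
    for (int n = 0; n < RC4_STATE_BYTES; n++) {
        c->s[n] = (uint8_t)n;
        c->writes++;
    }
    for (int n = 0; n < RC4_STATE_BYTES; n++) {
        j = (uint8_t)(j + c->s[n] + key[n % keylen]);
        uint8_t t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
        c->writes += 2;
    }
    c->i = c->j = 0;
}

/* Output step: only two S-box bytes change per keystream byte, which is
 * why the state is "largely static" once the key schedule has run. */
static uint8_t rc4_byte(rc4_ctx *c)
{
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    c->writes += 2;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

static unsigned rc4_state_bits(void) { return RC4_STATE_BYTES * 8; }

int main(void)
{
    const uint8_t key40[5] = {0x01, 0x02, 0x03, 0x04, 0x05}; /* constructed 40-bit key */
    rc4_ctx c;
    rc4_init(&c, key40, sizeof key40);
    unsigned long setup = c.writes;
    unsigned first = rc4_byte(&c);
    printf("state: %u bits, setup writes: %lu, first byte: %02x\n",
           rc4_state_bits(), setup, first);
    return 0;
}
```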
