1995-08-17 - Re: Breaking DES anyone? (was: Breaking RC4-40 for less)

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 676aab13d2ac70243680216f169e091a66a6b4632d35e03249af6785cdab8992
Message ID: <199508171923.MAA17947@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-08-17 19:24:49 UTC
Raw Date: Thu, 17 Aug 95 12:24:49 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Thu, 17 Aug 95 12:24:49 PDT
To: cypherpunks@toad.com
Subject: Re:  Breaking DES anyone? (was: Breaking RC4-40 for less)
Message-ID: <199508171923.MAA17947@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: aba@dcs.exeter.ac.uk
> Another approach is to do lots of keys simultaneously - so you set up
> this distributed effort which is continually re-sweeping the 40 bit
> keyspace, say every couple of days or whatever.  You can sweep for
> more than one key at once at very low incremental cost, an extra key
> costs close to nothing.  So say you are searching for 1000 keys at
> once - a dragnet approach - well keys just pop out at random as they
> are hit, maybe straight away maybe at worst case the sweeping
> roll-over time, but on average a key will fall out every 3 minutes.

I don't see how you can sweep for more than one key at once at low cost.
Because of the salt, every possible SSL encrypted message has to be swept
independently.  You can't sweep for two messages' keys at once because the
input to the MD5 is different even for the same 40-bit key.

If digital cash in micro amounts became practical, people could be paid
to let the "idle cycles" on their computers be used for this kind of
highly parallel application.  (Some people have speculated that graphics
rendering would be another suitable choice.)  It would be interesting to
see what the market price of cycles became in such an environment.  That
would give a better benchmark for the cost to break keys.

Hal





Thread