1994-12-13 - Re: Time to exhaustively break 40-bit RC4?

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: raph@netcom.com (Raph Levien)
Message Hash: d53ff50a17f4f03ea2144d4cfe4d2591892f13a080e709cd20ea17cc3627438e
Message ID: <9412130031.AA11399@snark.imsi.com>
Reply To: <199412122330.PAA29185@netcom20.netcom.com>
UTC Datetime: 1994-12-13 00:32:34 UTC
Raw Date: Mon, 12 Dec 94 16:32:34 PST

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Mon, 12 Dec 94 16:32:34 PST
To: raph@netcom.com (Raph Levien)
Subject: Re: Time to exhaustively break 40-bit RC4?
In-Reply-To: <199412122330.PAA29185@netcom20.netcom.com>
Message-ID: <9412130031.AA11399@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Raph Levien says:
> The SSL documents say that exhaustively searching 40 bits of RC4
> keyspace takes 64 MIPS-years. When I brought this figure up at the
> cpunks meeting, it was roundly derided. However, I think it might be a
> sound estimate.

Its not a question of deriding the estimate...

> If the math checks out, they should be able to search keyspace in
> two and a half days.

...its a question of deriding the security of any system that takes so
little time to crack, and thats assuming there are no better attacks
than brute force (yet to be determined). With optimization, you can do
even better than that. With a little bit of hardware (not very much)
you can crack open a 40 bit keyspace with the effort normally reserved
for opening your bathroom door in the morning.

Perry

Thread

• Return to December 1994

• Return to “eric@remailer.net (Eric Hughes)”
• Return to “Hal <hfinney@shell.portal.com>”
• Return to ““Ian Farquhar” <ianf@sydney.sgi.com>”
• Return to ““Kipp E.B. Hickman” <kipp@warp.mcom.com>”
• Return to ““Perry E. Metzger” <perry@imsi.com>”

• Return to “raph@netcom.com (Raph Levien)”

• 1994-12-13 (Mon, 12 Dec 94 16:01:07 PST) - Time to exhaustively break 40-bit RC4? - raph@netcom.com (Raph Levien)
  • 1994-12-13 (Mon, 12 Dec 94 16:32:34 PST) - Re: Time to exhaustively break 40-bit RC4? - “Perry E. Metzger” <perry@imsi.com>
    • 1994-12-13 (Mon, 12 Dec 94 17:16:20 PST) - Re: Time to exhaustively break 40-bit RC4? - “Ian Farquhar” <ianf@sydney.sgi.com>
  • 1994-12-13 (Mon, 12 Dec 94 16:46:00 PST) - Re: Time to exhaustively break 40-bit RC4? - “Ian Farquhar” <ianf@sydney.sgi.com>
    • 1994-12-13 (Mon, 12 Dec 94 17:45:34 PST) - Re: Time to exhaustively break 40-bit RC4? - eric@remailer.net (Eric Hughes)
    • 1994-12-13 (Mon, 12 Dec 94 17:57:45 PST) - Re: Time to exhaustively break 40-bit RC4? - raph@netcom.com (Raph Levien)
  • 1994-12-13 (Mon, 12 Dec 94 17:57:11 PST) - Re: Time to exhaustively break 40-bit RC4? - Hal <hfinney@shell.portal.com>
  • 1994-12-17 (Sat, 17 Dec 94 13:50:01 PST) - Re: Time to exhaustively break 40-bit RC4? - Hal <hfinney@shell.portal.com>
    • 1994-12-17 (Sat, 17 Dec 94 14:35:53 PST) - Re: Time to exhaustively break 40-bit RC4? - eric@remailer.net (Eric Hughes)
  • 1994-12-22 (Thu, 22 Dec 94 13:54:17 PST) - Re: Time to exhaustively break 40-bit RC4? - “Kipp E.B. Hickman” <kipp@warp.mcom.com>