From: “Perry E. Metzger” <perry@imsi.com>
To: raph@netcom.com (Raph Levien)
Message Hash: d53ff50a17f4f03ea2144d4cfe4d2591892f13a080e709cd20ea17cc3627438e
Message ID: <9412130031.AA11399@snark.imsi.com>
Reply To: <199412122330.PAA29185@netcom20.netcom.com>
UTC Datetime: 1994-12-13 00:32:34 UTC
Raw Date: Mon, 12 Dec 94 16:32:34 PST
From: "Perry E. Metzger" <perry@imsi.com>
Date: Mon, 12 Dec 94 16:32:34 PST
To: raph@netcom.com (Raph Levien)
Subject: Re: Time to exhaustively break 40-bit RC4?
In-Reply-To: <199412122330.PAA29185@netcom20.netcom.com>
Message-ID: <9412130031.AA11399@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Raph Levien says:
> The SSL documents say that exhaustively searching 40 bits of RC4
> keyspace takes 64 MIPS-years. When I brought this figure up at the
> cpunks meeting, it was roundly derided. However, I think it might be a
> sound estimate.
Its not a question of deriding the estimate...
> If the math checks out, they should be able to search keyspace in
> two and a half days.
...its a question of deriding the security of any system that takes so
little time to crack, and thats assuming there are no better attacks
than brute force (yet to be determined). With optimization, you can do
even better than that. With a little bit of hardware (not very much)
you can crack open a 40 bit keyspace with the effort normally reserved
for opening your bathroom door in the morning.
Perry
Return to December 1994
Return to “raph@netcom.com (Raph Levien)”