1995-07-17 - Re: RC4 crack

Header Data

From: aba@dcs.exeter.ac.uk
To: hayden@krypton.mankato.msus.edu
Message Hash: 5cfa0491418f53777ffbf6ddfb1775a030198c38a5687414b7d641cd93d51e2f
Message ID: <20156.9507172011@exe.dcs.exeter.ac.uk>
Reply To: N/A
UTC Datetime: 1995-07-17 20:16:38 UTC
Raw Date: Mon, 17 Jul 95 13:16:38 PDT

Raw message

From: aba@dcs.exeter.ac.uk
Date: Mon, 17 Jul 95 13:16:38 PDT
To: hayden@krypton.mankato.msus.edu
Subject: Re: RC4 crack
Message-ID: <20156.9507172011@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain

Robert Hayden <hayden@krypton.mankato.msus.edu> writes on cpunks:
> So what was the result of the RC4 key cracking thing that happened last 
> week?  It's at 100% but that's all it says.

[I answered this in email but the answer is: all will be told soon]

A brief explanation is called for, basically the 100% is %age
allocated, and there are still a few stragglers being swept.

For a brief explanation have a look at the brute-rc4.html page which I
have now updated:


A more detailed report will be posted to cpunks when the last keyspace
has been swept.

We are expecting that no key will be found at this stage, as it was
not sure to being with that the supplied plaintext/ciphertext was a
correct pair of RC4-40.  Lack of open Micro$oft specs on the workings
of Micro$oft Access meant that we were guessing, and hoping that we
got it right.  The original brute rc4 project was started on the basis
of 'lets brute it and see'.  Looks like nothing will come out.

Several folks have various parts of an RC4 SSL bruter (netscape secure
sockets layer) and are working on sockets based farming tools to allow
this one to be more automated, as there have been key space management
problems with the bruterc4 effort.  Also means a better % of idle time
will be soaked on particpating machines, as we will not need to wait
for operators to get in the next morning, or rely on people to
remember which space they have swept to paste back into the confirm

Soon ( a week maybe ) the respective parties hope to have all this
sorted out, and get ready for a SSL breaking effort.

So outcome of RC4 soon, followed by SSL effort announce in a while.

In the RC4 outcome announce will be a % break down of how much compute
people swept, even some folks on single PCs have swept as much as 1%
of keyspace alone in 1 week.