1995-08-17 - Re: Netsacpe’s Offical Response

Header Data

From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
To: gpowers@spectrum.bradley.edu
Message Hash: ba98937b1d76f912bc96c192bc4968854fe992a66b84439d86b8d5e76ef610e6
Message ID: <199508171825.NAA16520@edison.eng.auburn.edu>
Reply To: N/A
UTC Datetime: 1995-08-17 18:27:25 UTC
Raw Date: Thu, 17 Aug 95 11:27:25 PDT

Raw message

From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Thu, 17 Aug 95 11:27:25 PDT
To: gpowers@spectrum.bradley.edu
Subject: Re:  Netsacpe's Offical Response
Message-ID: <199508171825.NAA16520@edison.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>So in conclusion, we think RC4-40 is strong enough to protect consumer-level
>credit-card transactions -- since the cost of breaking the message is
>sufficiently high to make it not worth the computer time required to do so
....
....
>Finally, we'd like to reiterate that all this person has done is decrypt
>one single RC4-40 message. RC4 the algorithm and products which use the
>algorithm remain as secure as always.
>
>
>

I disagree with the cost assumptions that it costs $10K. These
are "relatively" imaginary costs. If you already have the machines 
(like a lot of universities and corporations) then the marginal
cost of breaking the key is practically nil. The person doing the
cracking certainly doesn't incur any costs. So what if it takes
2 weeks? An evil student/hacker/whatever would be willing to wait two
weeks for a credit card with a $5-$oo limit if he could just use
the machines at night when people might not notice. 
Just my $.02

Re: security of RC4 - agreed completely.




