From: aba@dcs.exeter.ac.uk
Date: Thu, 17 Aug 95 13:15:26 PDT
To: hayden@krypton.mankato.msus.edu ("Robert A. Hayden")
Subject: Silly technical question from a non-technical person
Message-ID: <9453.9508172015@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



> If it costs $10,000 to crack one 40-bit key (putting aside whether we 
> agree on that price or not), could not the software be designed in such a 
> manner that it is able to check, say, 10,000 keys at the same time?  Ie, 
> it computes a key, and then checks it against the array of data to see if 
> it fits any of them, and then goes on to the next one.

Hmm yes and no.

- For pure RC4-40 yes.

- For export SSL no.  It has what is effectively an 88 bit salt
  (familiar with unix password salts? like that only 88 bits).

- For full 128 bit SSL, yes, but 128 bits is a rather large even if
  you have a few million keys to try at once with speed up gains.
  2^128 is a biiig number.

- For DES I think so, asked for others opinions, this might be the
  next one to die, big project but possibly doable with lots of keys
  at once

Adam