From: daveg@pakse.mit.edu (David Golombek)
To: cypherpunks@toad.com
Message Hash: c7c3e0f6585d2b4299c3b8dd6d620e84cf581dd0b3da34bd126f8cd7380aa80f
Message ID: <9601190145.AA11333@pakse.mit.edu>
Reply To: N/A
UTC Datetime: 1996-01-19 01:57:44 UTC
Raw Date: Fri, 19 Jan 1996 09:57:44 +0800
From: daveg@pakse.mit.edu (David Golombek)
Date: Fri, 19 Jan 1996 09:57:44 +0800
To: cypherpunks@toad.com
Subject: Single computer breaks 40-bit RC4 in under 8 days
Message-ID: <9601190145.AA11333@pakse.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
MIT Student Uses ICE Graphics Computer
To Break Netscape Security in Less Than 8 Days
Cost to crack Netscape security falls from $10,000 to $584
CAMBRIDGE, Mass., January 10, 1996 -- An MIT undergraduate and part-time
programmer used a single $83,000 graphics computer from Integrated Computing
Engines (ICE) to crack Netscape's export encryption code in less than eight
days. The effort by student Andrew Twyman demonstrated that ICE's advances
in hardware price/performance ratios make it relatively inexpensive -- $584
per session -- to break the code.
While being an active proponent of stronger export encryption, Netscape
Communications (NSCP), developer of the SSL security protocol, has said that
to decrypt an Internet session would cost at least $10,000 in computing time.
Twyman used the same brute-force algorithm as Damien Doligez, the French
researcher who was one of the first to crack the original SSL Challenge.
The challenge presented the encrypted data of a Netscape session, using the
default exportable mode, 40-bit RC4 encryption. Doligez broke the code in
eight days using 112 workstations.
"The U.S. government has drastically underestimated the pace of technology
development," says Jonas Lee, ICE's general manager. "It doesn't take a
hundred workstations more than a week to break the code -- it takes one ICE
graphics computer. This shuts the door on any argument against stronger
export encryption."
Breaking the code relies more on raw computing power than hacking expertise.
Twyman modified Doligez's algorithm to run on ICE's Desktop RealTime Engine
(DRE), a briefcase-size graphics computer that connects to a PC host to
deliver performance
of 6.3 Gflops (billions of floating point instructions per second).
According to Twyman, the program tests each of the trillion 40-bit keys
until it finds the correct one. Twyman's program averaged more than 830,000
keys per second, so it would take 15 days to test every key. The average
time to find a key, however, was 7.7 days. Using more than 100
workstations, Doligez averaged 850,000 keys per second.ICE used the
following formula to determine its $584 cost of computing power: the total
cost of the computer divided by the number of days in a three-year lifespan
(1,095), multiplied by the number of days (7.7) it takes to break the code.
ICE's Desktop RealTime Engine combines the power of a supercomputer with the
price of a workstation. Designed for high-end graphics, virtual reality,
simulations and compression, it reduces the cost of computing from $160 per
Mflop (millions of floating point instructions per second) to $13 per Mflop.
ICE, founded in 1994, is the exclusive licensee of MeshSP technology from
the Massachusetts Institute of Technology (MIT).
###
INTEGRATED COMPUTING ENGINES, INC.
460 Totten Pond Road, 6th Floor
Waltham, MA 02154
Voice: 617-768-2300, Fax: 617-768-2301
FOR FURTHER INFORMATION CONTACT:
Bob Cramblitt, Cramblitt & Company
(919) 481-4599; cramco@interpath.com
Jonas Lee, Integrated Computing Engines
(617) 768-2300, X1961; jonas@iced.com
Note: Andrew Twyman can be reached at kurgan@mit.edu.
Return to January 1996
Return to “Sten Drescher <stend@grendel.texas.net>”