1996-04-09 - Re: Bank transactions on Internet

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: “JR Weaver” <weaver@harry.bwi.wec.com>
Message Hash: d2a821e97b208266906ad5f3139545e05247c224f0c863273ae9414d4739b3fb
Message ID: <199604090025.UAA28599@jekyll.piermont.com>
Reply To: <9604081642.ZM1632@harry.bwi.wec.com>
UTC Datetime: 1996-04-09 05:18:49 UTC
Raw Date: Tue, 9 Apr 1996 13:18:49 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 13:18:49 +0800
To: "JR Weaver" <weaver@harry.bwi.wec.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081642.ZM1632@harry.bwi.wec.com>
Message-ID: <199604090025.UAA28599@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"JR Weaver" writes:
> Is it really that easy to break 40-bit? Don't you need access to a
> "fair amount of cpu power" to brute force crack 40bit?

The rest of this article is a direct quotation from Blaze et al in the
paper they wrote on minimal safe key lengths. Note that they show that
it is easy enough to make a cracker that costs eight cents (CENTS!)
per solution, and not that hard to get it down to 1/10th of a cent!

Full paper at:
ftp://ftp.research.att.com/dist/mab/keylength.txt

}    There is no need to have the resources of an institution of higher
}education at hand, however.  Anyone with a modicum of computer
}expertise and a few hundred dollars would be able to attack 40-bit
}encryption much faster.  An FPGA chip --- costing approximately $400
}mounted on a card --- would on average recover a 40-bit key in five
}hours.  Assuming the FPGA lasts three years and is used continuously
}to find keys, the average cost per key is eight cents.
}
}    A more determined commercial predator, prepared to spend $10,000
}for a set-up with 25 ORCA chips, can find 40-bit keys in an average of
}12 minutes, at the same average eight cent cost.  Spending more money
}to buy more chips reduces the time accordingly:  $300,000 results in
}a solution in an average of 24 seconds; $10,000,000 results in an
}average solution in 0.7 seconds.
}
}    As already noted, a corporation with substantial resources can
}design and commission custom chips that are much faster.  By doing
}this, a company spending $300,000 could find the right 40-bit key in
}an average of 0.18 seconds at 1/10th of a cent per solution; a larger
}company or government agency willing to spend $10,000,000 could find
}the right key on average in 0.005 seconds (again at 1/10th of a cent
}per solution).  (Note that the cost per solution remains constant
}because we have conservatively assumed constant costs for chip
}acquisition --- in fact increasing the quantities purchased of a
}custom chip reduces the average chip cost as the initial design and
}set-up costs are spread over a greater number of chips.)





Thread