From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 7 Jun 1996 20:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: Cost of brute force decryption
Message-ID: <199606070859.BAA24817@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 6/5/96 -0700, you wrote:
>> > 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
>> > time and two weeks to crack.  Although this key may be adequate to 
>> > protect my checking account, it's probably not large enough for the 
>> > accounts of a major corporation.
>> The figures look familiar.  No references around.  I'm not sure it would 
>> require a whole two weeks for 40-bits, though.  Possibly less than a 
>> day? (Or was that why you asked baout the figures?)

It was from The Newspapers, of course :-)  The "$10,000 of supercomputer time"
was in an initial press release description by somebody in Netscape or RSA
after the RC4/40 Netscape crack, and was way high.  (Check Altavista...)

However, it's not too far off for the cost of a DES crack, where "supercomputer"
is defined as "a special-purpose cracking machine" rather than "a Cray"..
(Maybe an order of magnitude high for that.)  And the description of
$10,000 as "maybe enough to protect my checking account, but not large enough
for the accounts of a major corporation" is about right.  
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!