From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 5 Jun 1996 18:20:52 +0800
To: "Bruce M." <brucem@wichita.fn.net>
Subject: Re: Cost of brute force decryption
Message-ID: <199606050631.CAA01285@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Jun 96 at 10:58, Bruce M. wrote:

[..]
> 	"If you can ensure secrecy either until no one cares about the 
> information or so that cracking the code costs more than the information 
> is worth, it's 'secure enough.'
> 
> 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
> time and two weeks to crack.  Although this key may be adequate to 
> protect my checking account, it's probably not large enough for the 
> accounts of a major corporation.
[..]

The figures look familiar.  No references around.  I'm not sure it would 
require a whole two weeks for 40-bits, though.  Possibly less than a 
day? (Or was that why you asked baout the figures?)

The "$10,000 worth of supercomputer time" is fuzzy.  One thing that's
left out is that once an organization already owns the equipment and 
has the money to spare, it may be worthwhile to crack things of less 
importance like personal checking info, email, etc.

Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.