From: "Peter Trei" <trei@process.com>
Date: Sat, 8 Jun 1996 07:08:18 +0800
To: cypherpunks@toad.com
Subject: Re: Cost of brute force decryption.
Message-ID: <199606071645.JAA04692@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
> 
> On  4 Jun 96 at 10:58, Bruce M. wrote:
> 
> [..]
> > 	"If you can ensure secrecy either until no one cares about the 
> > information or so that cracking the code costs more than the information 
> > is worth, it's 'secure enough.'
> > 
> > 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
> > time and two weeks to crack.  Although this key may be adequate to 
> > protect my checking account, it's probably not large enough for the 
> > accounts of a major corporation.
> [..]
> 
> The figures look familiar.  No references around.  I'm not sure it would 
> require a whole two weeks for 40-bits, though.  Possibly less than a 
> day? (Or was that why you asked baout the figures?)

A week? No.

The second round of the cypherpunk's distributed key cracking (which 
bruted 40 bit RC4) completed  in 38 hours. That was a year ago.
With the growth in the number of interested people on the net, and the
upgrades in cpu power since then, I expect that a similarly motivated 
effort could burn the same number of cycles in well under 24 hours.
(The bottleneck a year ago was in coordination - not raw processing
power).

Prediction: By the millenium, we'll have made single DES look about as
silly as 40 bit RC4 is today.

Peter Trei