From: Adam Shostack <adam@homeport.org>
Date: Sat, 1 Feb 1997 20:59:53 -0800 (PST)
To: azur@netcom.com (Steve Schear)
Subject: Re: "Strong" crypto and export rule changes.
In-Reply-To: <v02140b05af19b18d73ac@[10.0.2.15]>
Message-ID: <199702020455.XAA02857@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
| >        What the US government will allow to be exported is not "strong
| >encryption."  It is encryption only slightly too strong to be broken
| >by an amateur effort.  For the right investment in custom hardware, it
| >falls quickly.  (500,000 $US = 3.5 hour avg break).
| >
| 
| Considering Ian's feat you certainly seem to have had your crystal
| ball in hand.  

	I wear three around my neck.  Its a new age thing.

	More seriously, that estimate is the cost of breaking DES on
custom hardware, based on Wiener's figures.  Ian got RC4-40 in 3.5
hours on I don't know how much hardware, not a lot of it custom,
AFAIK.

Adam

-- 
Pet peeve of the day: Security companies whose protocols dare not
speak their name, because they don't have one. Guilty company of the
day is now V-One.