[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Idle compute cycles [Re: Netscape's Offical Response]




Peter Shank said a lot of things I agree with in his response to Damien
Doligez' break of an SSL/RC4-40 transaction, and one thing that seems to
miss the point.

> From: [email protected] (Peter Shank)
> Subject: Netscape security

> 2. The standard way to determine the level of security of any encryption
> scheme is to compare the cost of breaking it versus the value of the
> information that can be gained. In this case he had to use roughly

Agreed.

> $10,000 worth of computing power (ballpark figure for having access to
> 120 workstations and a few parallel supecomputers for 8 days) to break
> a single message. Assuming the message is protecting something of less
> value than $10,000, then this information can be protected with only
> RC4-40 security. For information of greater value, currently available
> RC4-128 security should be used.

However, the cost of breaking it to Doligez was essentially nil.  The
machines to which he had access were otherwise idle, and no other users
were competing for them.  The virtually simultaneous break by David Byers
in the team led by Adam Back was the same: idle cycles.  In fact, Byers
was delayed because a real project needed cycles on that machine.

I would hazard a guess that 90% of the compute cycles in the world are used
running screen savers... this gives a <lot> of slack for people who would
like to harness them to perform productive work like making points about
the strength of security.

I would have to say the marginal value of compute cycles is approximately
$0 until enough compute hogs come along to eat from the idle cycle trough.

> 3. Inside the US, software can support a range of stronger encryption
> options, including RC4-128, which is 2^88 times harder to break.

Absolutely.  It's incredibly annoying that companies like Netscape who
understand how to get good transaction security have to settle for "almost
good enough" -- the computing cost of the extra security is almost nil.

>                                            We would appreciate your support
> in lobbying the U.S. government to lift the export controls on encryption.
> If you'd like to help us lobby the government send email to
> [email protected].

Yes!

> Finally, we'd like to reiterate that all this person has done is decrypt
> one single RC4-40 message. RC4 the algorithm and products which use the
> algorithm remain as secure as always.

Yes, but with idle cycles contributed by volunteers the decryption time
on a single RC4-40 message can very likely be reduced to a day or so at
no marginal cost to owners of existing machines... which is the whole point.

Cracking weak crypto is free, and can be combatted only by implementing
strong crypto.

	Jim Gillogly
	Highday, 25 Wedmath S.R. 1995, 17:08