Re: Single computer breaks 40-bit RC4 in under 8 days

[Rich Graves <llurch@networking.stanford.edu>]

This takes "cracking Netscape security as a new benchmark" to a whole new 
level.

On Thu, 18 Jan 1996, David Golombek wrote:

> MIT Student Uses ICE Graphics Computer
> 
> To Break Netscape Security in Less Than 8 Days

What does this have to do with Netscape? This is about brute-forcing
40-bit RC4.  While Netscape does deserve flogging with a wet noodle down
to the seventh generation for their initial press response, this singling
out Netscape is annoying me a little. 

> While being an active proponent of stronger export encryption, Netscape
> Communications (NSCP), developer of the SSL security protocol, has said that
> to decrypt an Internet session would cost at least $10,000 in computing time.

OK, well, in that case.

> workstations, Doligez averaged 850,000 keys per second.ICE used the
> following formula to determine its $584 cost of computing power: the total
> cost of the computer divided by the number of days in a three-year lifespan
> (1,095), multiplied by the number of days (7.7) it takes to break the code.

This assumes, of however, that collecting encrypted communications,
feeding them to the computer with 100% efficiency, electricity, labor,
etc. are completely free. 

I hope everyone recognizes this as more old news and ICE marketing. In a
fantasy world, the press et al would see this and clamor for the
revocation of ITAR. 

-rich