[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bank transactions on Internet



> At 12:13 AM 4/9/96 -0700, Steve Reid wrote:
> >> Is it really that easy to break 40-bit? Don't you need access to a "fair
> >> amount of cpu power" to brute force crack 40bit? 
> >
> >I remember reading a recent paper at this URL:
> >  http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
> >They mentioned a Field Programmable Gate Array (FPGA), specifically a
> >board-mounted AT&T Orca chip available for around $400. They said it could
> >crack a 40-bit key in 5 hours (average). Sounds like anyone with root
> >access on a major internet node could make a significant profit stealing
> >credit card numbers.
> >
> >The FPGA sounds like a very interesting device, with quite a few
> >legitimate uses... Has anyone out there seen one of these? 
> 
> I was hoping a hardware type would answer this question, and give
> references to manufacture's spec sheets, but not having seen such an
> answer, here is a software person's answer.

I thought Perry Metzger's short answer (roughly "yes, but the software
can be tricky") adequate, but as a hardware type I can give some more
insight into the economics.  While my experience is with gate array ASICs
rather than field programmable chips, I have some idea.

My short answer:  Yes, it's that cheap, but only if you already work
with the chip vendor and have the software tools to program the chips.
If not, expect to spend many thousands of dollars buying engineering
expertise and software.

There's a lot of different ways to make chips for a custom application,
which vary in unit cost, startup cost, engineering effort, and production
time.

Some points in the range:  (costs are probably off a bit)

type			startup cost	program		design tool

full custom		$1000000	at design time	schematic editors
ASIC			$100000		at design time	gate synthesis
FPGA			$0		once		vendor's tools
reprogrammable FPGA	$0		dynamically	vendor's tools
DSP chip		$0		easily		compiler
General purpose CPU	$0		very easily	compiler

Anyone who knows these better is welcome to correct me, of course.

I've neglected software costs from this, which are significant.  Chip
synthesis tools are often more expensive than the workstations they run on.

Also, in most cases some of the necesary tools are only available from the
company that sells the chips.  They tend to insist on nondisclosure
agreements and software licenses, which makes anonymous production tricky.

More design effort will give better price/performance.  The appeal of the
Orca and similar chips is that they can be reprogrammed, but still have the
inherent parallelism of gates in silicon.

I expect that in 5 or 10 years, PC's will come with reprogrammable logic
chips and software that takes advantage of it.  At present it really
takes a trained engineer to use these things.  That's just enough difficulty
that people might feel secure, without actually being secure at all.

Jon Leonard