[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Breaking DES anyone? (was: Breaking RC4-40 for less)



> From: [email protected]
> Another approach is to do lots of keys simultaneously - so you set up
> this distributed effort which is continually re-sweeping the 40 bit
> keyspace, say every couple of days or whatever.  You can sweep for
> more than one key at once at very low incremental cost, an extra key
> costs close to nothing.  So say you are searching for 1000 keys at
> once - a dragnet approach - well keys just pop out at random as they
> are hit, maybe straight away maybe at worst case the sweeping
> roll-over time, but on average a key will fall out every 3 minutes.

I don't see how you can sweep for more than one key at once at low cost.
Because of the salt, every possible SSL encrypted message has to be swept
independently.  You can't sweep for two messages' keys at once because the
input to the MD5 is different even for the same 40-bit key.

If digital cash in micro amounts became practical, people could be paid
to let the "idle cycles" on their computers be used for this kind of
highly parallel application.  (Some people have speculated that graphics
rendering would be another suitable choice.)  It would be interesting to
see what the market price of cycles became in such an environment.  That
would give a better benchmark for the cost to break keys.

Hal