[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Silly technical question from a non-technical person

> If it costs $10,000 to crack one 40-bit key (putting aside whether we 
> agree on that price or not), could not the software be designed in such a 
> manner that it is able to check, say, 10,000 keys at the same time?  Ie, 
> it computes a key, and then checks it against the array of data to see if 
> it fits any of them, and then goes on to the next one.

Hmm yes and no.

- For pure RC4-40 yes.

- For export SSL no.  It has what is effectively an 88 bit salt
  (familiar with unix password salts? like that only 88 bits).

- For full 128 bit SSL, yes, but 128 bits is a rather large even if
  you have a few million keys to try at once with speed up gains.
  2^128 is a biiig number.

- For DES I think so, asked for others opinions, this might be the
  next one to die, big project but possibly doable with lots of keys
  at once