I can see three ways in which RC4-40 is weaker now than it was when it was approved for "fast track" export approval. First, of course, computers get faster every year. So any fixed cipher becomes relatively weaker as time goes on. Second, until earlier this year RC4 was secret. Then it was posted anonymously to the cypherpunks list and later to sci.crypt. Before that time, only a much smaller number of people would have been in a position to launch an exhaustive search attack. But now that the source is public, virtually anyone can try to crack it. So this is really a very significant loss of security. It also illustrates the difficulty in keeping secrets which will occur due to the kind of technology we advocate. Third, there is much more interest now in actually doing massively parallel encryption attacks. The RSA-129 project got a lot of publicity, and it was followed by the attack on the "Blacknet" 384 bit PGP key by a small private group earlier this year. People are aware now of how easy it is to use parallelism in this kind of work, and with the software Adam Back has worked on this could become even more popular in the future. So all this talk about "6,000 MIPS years" will not be as impressive if any moderately sized hacker group can put that much computing power together in a few days. With these changes, RC4-40 has lost a significant amount of the cryptographic strength it may have had a year or two ago. It is certainly time for the exportable key size to be expanded. Hal