So far, list members have mostly presented two points of view on the economics of key cracking: o It's free, since it uses spare CPU cycles o It should be priced at the cost of the dedicated computer hardware needed to do it. Both of these approaches are wrong. The first approach fails because it doesn't scale -- there probably aren't enough people willing to crack lots of keys purely for the research interest, hack value, or the goodness of their heart. At the same time, many people and companies have lots of unused CPU time on their hands. Economically, this CPU time is scrap material -- and there are companies out there that do nothing but buy up scrap equipment for pennies on the dollar. Therefore it should be possible to create a market in spare CPU cycles for tasks like this that require massive parallel computing. An earlier suggestion for bounties on keys (basically the Chinese lottery approach) is a step in this direction. I'd also like to point out that a hacker who can sniff out SSL-encrypted packets on a hacked network is going to be vastly harder to catch than someone who trolls through his or her physical community dumpster diving and bribing clerks. The ability to anonymously gather and decrypt credit card numbers has a vastly lower "cost" in terms of likelyhood of prosecution. If it drops down to under $100 per key, it's probably at a good break-even point to do it wholesale. Certainly the out-of-pocket cost of cracking a 40-bit SSL key is less than that right now for a great many people, even without creating a market.