If it costs $10,000 to crack one 40-bit key (putting aside whether we agree on that price or not), could not the software be designed in such a manner that it is able to check, say, 10,000 keys at the same time? Ie, it computes a key, and then checks it against the array of data to see if it fits any of them, and then goes on to the next one.
Hmm yes and no. - For pure RC4-40 yes. - For export SSL no. It has what is effectively an 88 bit salt (familiar with unix password salts? like that only 88 bits). - For full 128 bit SSL, yes, but 128 bits is a rather large even if you have a few million keys to try at once with speed up gains. 2^128 is a biiig number. - For DES I think so, asked for others opinions, this might be the next one to die, big project but possibly doable with lots of keys at once Adam