"JR Weaver" writes:
Is it really that easy to break 40-bit? Don't you need access to a "fair amount of cpu power" to brute force crack 40bit?
The rest of this article is a direct quotation from Blaze et al in the paper they wrote on minimal safe key lengths. Note that they show that it is easy enough to make a cracker that costs eight cents (CENTS!) per solution, and not that hard to get it down to 1/10th of a cent! Full paper at: ftp://ftp.research.att.com/dist/mab/keylength.txt } There is no need to have the resources of an institution of higher }education at hand, however. Anyone with a modicum of computer }expertise and a few hundred dollars would be able to attack 40-bit }encryption much faster. An FPGA chip --- costing approximately $400 }mounted on a card --- would on average recover a 40-bit key in five }hours. Assuming the FPGA lasts three years and is used continuously }to find keys, the average cost per key is eight cents. } } A more determined commercial predator, prepared to spend $10,000 }for a set-up with 25 ORCA chips, can find 40-bit keys in an average of }12 minutes, at the same average eight cent cost. Spending more money }to buy more chips reduces the time accordingly: $300,000 results in }a solution in an average of 24 seconds; $10,000,000 results in an }average solution in 0.7 seconds. } } As already noted, a corporation with substantial resources can }design and commission custom chips that are much faster. By doing }this, a company spending $300,000 could find the right 40-bit key in }an average of 0.18 seconds at 1/10th of a cent per solution; a larger }company or government agency willing to spend $10,000,000 could find }the right key on average in 0.005 seconds (again at 1/10th of a cent }per solution). (Note that the cost per solution remains constant }because we have conservatively assumed constant costs for chip }acquisition --- in fact increasing the quantities purchased of a }custom chip reduces the average chip cost as the initial design and }set-up costs are spread over a greater number of chips.)