On Thu, 15 Sep 1994, Bill Sommerfeld wrote:
I wonder if the NSA would approve it? I think it was Bill Sommerfeld who pointed out that it was a little curious that NSA approves RC4 with a 40 bit key when hardware-assisted search like the DES key cracker would appear to be impractical.
Actually, I'm not sure that it's that impractical, but I don't know a heck of a lot about VLSI or hardware design. A fully pipelined chip would require significantly more chip area than the DES cracker, but you probably don't need that. I'm pretty sure you could make a blazingly fast, non-pipelined chip with a "key setup" unit and then a "trial encrypt" unit which run in parallel; you clock the key setup unit 256 times to set up the key, then the key gets fed to the trial encrypt unit where it gets tried against the known plaintext/ciphertext pair. ...
Don't forget the precomputation attack. The key setup only has to be done 2^40 times, ever. The initial state of the stream cipher can be stored on a set of tapes that are read in parallel to perform the brute force attack.
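
The split discussed in the thread (key setup run once per key, trial encryption run per known plaintext/ciphertext pair), as an added example that is not part of the original messages. The 12-bit keyspace, the 2-byte key encoding and all function names are assumptions chosen so the sketch runs in seconds, and the stored initial state is taken to be the 256-byte RC4 permutation.

```python
"""RC4 split into one-time key setup and per-message trial encryption."""
DEMO_BITS = 12       # assumption: reduced keyspace so the demo runs in seconds
STATE_BYTES = 256    # one stored RC4 permutation

def ksa(key: bytes) -> bytes:
    """Key setup: 256 swap steps that depend only on the key."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return bytes(s)

def prga(state: bytes, n: int) -> bytes:
    """Produce n keystream bytes from a stored initial state."""
    s, i, j, out = bytearray(state), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, prga(ksa(key), len(data))))

def demo_key(k: int) -> bytes:
    """Hypothetical encoding of a small integer key as 2 bytes."""
    return k.to_bytes(2, "big")

def precompute(bits: int) -> list:
    """One-time pass: store the initial state for every key."""
    return [ksa(demo_key(k)) for k in range(1 << bits)]

def search(table: list, plaintext: bytes, ciphertext: bytes) -> list:
    """Per-message pass: no key setup, only keystream comparison."""
    want = bytes(p ^ c for p, c in zip(plaintext, ciphertext))
    return [k for k, st in enumerate(table) if prga(st, len(want)) == want]

def table_size_bytes(bits: int) -> int:
    return (1 << bits) * STATE_BYTES

if __name__ == "__main__":
    table = precompute(DEMO_BITS)                 # done once, ever
    pt = b"constructed sample"                    # constructed known plaintext
    ct = rc4(demo_key(0x5A3), pt)                 # constructed secret key
    print(search(table, pt[:8], ct[:8]))          # reuses the stored states
    print(table_size_bytes(40) / 2**40, "TiB for a 40-bit table")
```

At 256 bytes per stored state, the full 40-bit table comes to 2^48 bytes (256 TiB), which is the volume the parallel tapes would have to hold.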