Tim May <tcmay@got.net> writes:

...

Hmm, I don't know about anyone else around here, but my workstation is idle 99% of the time. I could almost certainly get access to all the spare CPU cycles on 120 workstations for free, and I suspect that a lot of people (particularly hackers) could do so as well. There's no need to spend $ 10,000 on renting them.

But, Mark, estimates of the cost to crack a key _must_ be based on market prices, not on opportunistic access to machines. Such access is good for occasional, or one-shot, deals, but not for routine use.

For example, one doesn't say "Hey, I don't see how Hertz can charge $40 a day to rent a car...my friend lets me use his for free." [...] "Standard accounting practices" dictate the way to estimate production costs.

Agreed. *But* the real cost to a particular organisation, is subsidised by the amount of idle compute cycles they have. You can't take this into account very easily or accurately for a general figure, where raw $ are probably the best figure. For instance I know someone who works for a large UK newspaper (he's admin for their unix workstations), and he says there are acres of RS6000s just sitting there idling most of the time. They are used for document preparation only (what a waste all that lovely silicon just burning cylces, and being occasionally used as a glorified word processor). Anyway point being to that particular organisation, if they for some reason (I dunno but say a big scoop - they need to nefariously break something to get the low down on a politician - unofficially of course), their real cost is quite a bit lower than the raw $, perhaps 0 cost even if they can wait long enough for their impromptu farm to do the job. This doesn't really affect the raw $ cost as such, people just need to estimate the amount of wasted $ equivalent of idle compute they already have in their personal calculations. It would sound better if various news papers would care to print something along the lines of "with idle compute powers as many typical organisations have in abundance". Papers printing high sounding $ figures is though technically accurate (perhaps not too sure about the accuracy), mis-leading to general public who probably don't realise that there is a few $100 tho of idle compute lying around in the accounts department already! In summary, yes but it doesn't sound as good, and folks don't equate idle CPU to $ intuitively. Adam -- HAVE *YOU* EXPORTED RSA TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/ --rsa--------------------------8<------------------------------- #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2) -------------------------------8<------------------------------- TRY: rsa -k=3 -n=7537d365 < msg | rsa -d -k=4e243e33 -n=7537d365