From: "Deranged Mutant" <WlkngOwl@unix.asb.com>

On 4 Jun 96 at 10:58, Bruce M. wrote:

[..]

...

"If you can ensure secrecy either until no one cares about the information or so that cracking the code costs more than the information is worth, it's 'secure enough.'

"For example a 40-bit key takes about $10,000 worth of supercomputer time and two weeks to crack. Although this key may be adequate to protect my checking account, it's probably not large enough for the accounts of a major corporation. [..]

The figures look familiar. No references around. I'm not sure it would require a whole two weeks for 40-bits, though. Possibly less than a day? (Or was that why you asked baout the figures?)

A week? No. The second round of the cypherpunk's distributed key cracking (which bruted 40 bit RC4) completed in 38 hours. That was a year ago. With the growth in the number of interested people on the net, and the upgrades in cpu power since then, I expect that a similarly motivated effort could burn the same number of cycles in well under 24 hours. (The bottleneck a year ago was in coordination - not raw processing power). Prediction: By the millenium, we'll have made single DES look about as silly as 40 bit RC4 is today. Peter Trei