Re: Cost of brute force decryption

On 4 Jun 96 at 10:58, Bruce M. wrote: [..]
"If you can ensure secrecy either until no one cares about the information or so that cracking the code costs more than the information is worth, it's 'secure enough.'
"For example a 40-bit key takes about $10,000 worth of supercomputer time and two weeks to crack. Although this key may be adequate to protect my checking account, it's probably not large enough for the accounts of a major corporation. [..]
The figures look familiar. No references around. I'm not sure it would require a whole two weeks for 40-bits, though. Possibly less than a day? (Or was that why you asked about the figures?)

The "$10,000 worth of supercomputer time" is fuzzy. One thing that's left out is that once an organization already owns the equipment and has the money to spare, it may be worthwhile to crack things of less importance like personal checking info, email, etc.

Rob.
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.

On Wed, 5 Jun 1996, Deranged Mutant wrote:
The figures look familiar. No references around. I'm not sure it would require a whole two weeks for 40-bits, though. Possibly less than a day? (Or was that why you asked about the figures?)
The "$10,000 worth of supercomputer time" is fuzzy. One thing that's left out is that once an organization already owns the equipment and has the money to spare, it may be worthwhile to crack things of less importance like personal checking info, email, etc.
Obviously this will depend on what type of computer(s) you are using among other things. That was what I'm curious about. Is there some type of rough formula where you could just plug in the different variables (computer speed, speed of each attempt, key length, etc.) and come up with some type of answer? I was also curious to find out if anyone knew where he had come up with these figures.

Bruce M. * brucem@feist.com
~---------------------------------------------------~
"Knowledge enormous makes a god of me." -- John Keats

Everyone seems to be arguing about whether brute force decryption of RC-40 costs "tens of thousands" or not. The answer is it costs pennies. Literally. See the "Big Seven" paper on why key lengths of over 80 bits are required to read the details.

ftp://ftp.research.att.com/dist/mab/keylength.txt

Perry

"For example a 40-bit key takes about $10,000 worth of supercomputer time and two weeks to crack. Although this key may be adequate to protect my checking account, it's probably not large enough for the accounts of a major corporation.
The figures look familiar. No references around. I'm not sure it would require a whole two weeks for 40-bits, though. Possibly less than a day? (Or was that why you asked about the figures?)
Um, these 'NT Magazine' people are rather clueless. A $400 FPGA can crack a 40 bit key in an average of 5 hours. See the report by seven well-known experts at http://www.bsa.org/bsa/cryptologists.html

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830  |
|          -- Disclaimer:  JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)
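
Added example, not part of any poster's message: the "rough formula" asked about earlier in the thread, worked in Python from the one concrete figure given above (a $400 FPGA averaging 5 hours on a 40-bit key). The function names and the 3-year device life used for amortization are assumptions made here; power and labour costs are ignored.

```python
SECONDS_PER_HOUR = 3600.0
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR


def implied_rate(key_bits, average_hours):
    """Keys/second implied by a quoted *average* search time for key_bits."""
    return 2 ** (key_bits - 1) / (average_hours * SECONDS_PER_HOUR)


def average_seconds(key_bits, keys_per_second, devices=1):
    """Expected search time: on average half the keyspace is tried."""
    return 2 ** (key_bits - 1) / (keys_per_second * devices)


def worst_case_seconds(key_bits, keys_per_second, devices=1):
    """Time to try every key; twice the average."""
    return 2 ** key_bits / (keys_per_second * devices)


def amortized_cost(key_bits, keys_per_second, price, life_years):
    """Share of one device's purchase price used by one average search.
    life_years is an ASSUMED service life; power and labour are ignored."""
    used = average_seconds(key_bits, keys_per_second) / (life_years * SECONDS_PER_YEAR)
    return price * used


def table(rate, price, life_years, key_sizes=(40, 56, 64, 80)):
    """Rows of (bits, avg hours on one device, devices for a 5 h average, cost)."""
    rows = []
    for bits in key_sizes:
        avg = average_seconds(bits, rate)
        devices_needed = avg / (5 * SECONDS_PER_HOUR)
        rows.append((bits, avg / SECONDS_PER_HOUR, devices_needed,
                     amortized_cost(bits, rate, price, life_years)))
    return rows


if __name__ == "__main__":
    # From the thread: a $400 FPGA averaging 5 hours on a 40-bit key.
    rate = implied_rate(40, 5)
    print(f"implied rate: {rate:,.0f} keys/s")
    # Assumption (not from the thread): the device serves 3 years.
    for bits, hours, devices, cost in table(rate, 400, 3):
        print(f"{bits:>3} bits  {hours:>16,.0f} h avg  "
              f"{devices:>18,.0f} devices for 5 h  ${cost:,.2f} amortized")
```

Each added key bit doubles every column, so the same device that averages 5 hours at 40 bits needs 65,536 times as long (or 65,536 copies of itself) at 56 bits.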
participants (4): Bruce M., Deranged Mutant, Perry E. Metzger, Steve Reid