I have a feeling that many businesses will set policies to try to stop their workstations and computers from being used in key cracking attempts. They don't now, mainly because for one thing they don't even know about it, and for another thing, it would be a headache to try to administer such a ban. However, the notion that "IBM Corporation" or "Bank of America" will say "Sure, use our idle CPU time to try to crack keys!" seems farfetched. California is one jurisdiction that has made "hacking" a crime. Not clear what this means, but some construe it to mean that any attempts to break into the account of another--or crack a key--is a crime. Not tested in court, etc. But will Bank of America want to decide whether a key cracking effort is a "legitimate academic exercise" (such as the SSL Challenge was, as it involved no damage to any party) or an attempt to use their computers to break into an account or to otherwise compromise a transaction? (I am NOT saying that key-cracking = hacking, in the negative sense of "hacking," but I can certainly imagine cases where it would be. And when Microsoft Network comes out, soon, I think a lot of people will want to poke holes in its security, as we've already seen a bit of. Corporations will not likely take kindly to being involved in something like this.) Thus, I expect something in between the extremes: -- corporations fear liability and will not openly encourage this, even to make a few extra bucks (and it's not at all clear how such bucks would be made, or if big companies would give a rat's ass about earning a few dollars a night....) -- but people with access to these machines will continue to use them for key cracking, factoring, etc. challenges. Could I be wrong in this? Sure. Maybe companies will not care. I doubt this, though. Damien may be able to tell us if Ecole Polytechnique has raised any questions about his highly-publicized attack on the SSL Challenge key. I will _speculate_ that the normally-security-conscious French are considering policies against this. After all, this is one of the countries that bans private possession of strong crypto. (Or, as a French computer scientist told me recently, "Sure, one can apply for a license for crypto...the procedure is the same as applying for a license for your own private Exocet missile.") --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net (Got net?) | anonymous networks, digital pseudonyms, zero 408-728-0152 | knowledge, reputations, information markets, Corralitos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."