Re: Netscape security
Mr. Shank - I'm a bit disappointed by your posting about the RC4-40 crack.
> Late Tuesday evening a person from France posted a news article to the hacker community claiming success at decrypting a single encrypted message

(You could have used his name, and use of the term "hackers" to the press tends to be interpreted as a negative...) Anyway, as to content:
> What this person did is decrypt one encrypted message that used RC4-40 for encryption. He used 120 workstations and two parallel supercomputers for 8 days to do so.

"Two" parallel supercomputers? You can't really call the Encore Multimax or the Sequent B8000 a supercomputer - both of them together are slower than the HP workstation. The KSR gets closer to supercomputer territory, but it's only cracking keys about six times as fast as the faster DEC Alpha (which Damien only had one of); it increased his horsepower about 20% for two days.
Now, I can see calling a MasPar a "parallel supercomputer"; another effort at the SSL challenge got the answer about 2 hours before Damien's did, and used about 4 days of spare time on the MasPar. Last time I looked, a MasPar was selling for about $150K, though I don't know how big the one used on SSL was. At that price, you could have your own for ~$500/day, and ripping off $2000 on a credit card isn't tough in today's automated world. Next year - computer time costs half as much. Yes, it's still cheaper to get good credit card numbers by scamming carbons at a mall clothing store or yuppie restaurant, but computer networks let criminals run their scams wholesale, putting the public at risk both from organized criminals with their own equipment and any dishonest college student or office worker who's got a roomful of idle computers to use at night. Trading off the cost of breaking security vs. the value to be gained is a good start - lots of people have $2000 of credit limit left on their cards, and most people have more than $0 left.
> This level of security has been available in the U.S. versions of our products since last April. Because of export controls it has not been available outside the U.S. We would appreciate your support in lobbying the U.S. government to lift the export controls on encryption. If you'd like to help us lobby the government send email to export@netscape.com.
Thanks for working on this!
Bill Stewart

==================== The list of computers ===========================
type               speed (keys/s)   number   notes
--------------------------------------------------------
DEC (alpha)        18000-33000      34
DEC (MIPS)         2500-7500        11
SPARC              2000-13000       57
HP (HPPA/snake)    15000            3
Sony (R3000)       1100-4000        3
Sun 3              600              2
Sequent B8000      100 x 10         1        (1)
Multimax (NS532)   600 x 14         1        (1)
KSR                3200 x 64        1        (1) (2)

Notes:
1. These are multiprocessor machines
2. The KSR spent only about 2 days on this computation.

The total average searching speed was about 850000 keys/s, with a maximum of 1350000 keys/s (1150000 without the KSR).
====================================================================

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
"The fat man rocks out
Hinges fall off Heaven's door
"Come on in," says Bill"
Wavy Gravy's haiku for Jerry
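As an added illustration (not part of either post), the key-search arithmetic behind the cost argument above: expected search time and rental cost for a given key length at a given search rate. The 850000 keys/s average comes from the list above; the $500/day rental figure and the yearly halving of compute prices are the post's own figures, used here as labelled assumptions.

```python
"""Brute-force time and cost estimates for short symmetric keys (constructed example)."""

SECONDS_PER_DAY = 86400

# Figures quoted in the thread, treated as assumptions for this illustration.
OBSERVED_RATE = 850_000        # average keys/s over the whole search
RENTAL_PER_DAY = 500.0         # ~$500/day for a MasPar-class machine


def seconds_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Wall-clock seconds to try every one of the 2**key_bits keys at the given rate."""
    return (2 ** key_bits) / keys_per_second


def expected_days(key_bits: int, keys_per_second: float) -> float:
    """Expected days to recover one key: on average half the keyspace is searched."""
    return seconds_to_exhaust(key_bits, keys_per_second) / 2 / SECONDS_PER_DAY


def attack_cost(key_bits: int, keys_per_second: float,
                dollars_per_day: float, years_ahead: int = 0) -> float:
    """Rental cost of an expected search, with the price of compute halving
    every year (the post's own assumption, not a law of nature)."""
    return expected_days(key_bits, keys_per_second) * dollars_per_day / (2 ** years_ahead)


def risk_table(keys_per_second: float, dollars_per_day: float,
               key_sizes=(40, 56, 64, 128)) -> list[dict]:
    """One row per key size: how long and how much an expected search costs today."""
    return [
        {
            "key_bits": bits,
            "expected_days": expected_days(bits, keys_per_second),
            "cost_now": attack_cost(bits, keys_per_second, dollars_per_day),
            "cost_next_year": attack_cost(bits, keys_per_second, dollars_per_day, 1),
        }
        for bits in key_sizes
    ]


if __name__ == "__main__":
    # At 850000 keys/s the expected RC4-40 search takes about 7.5 days, which
    # matches the roughly 8 days reported; each extra 16 bits multiplies that by 65536.
    for row in risk_table(OBSERVED_RATE, RENTAL_PER_DAY):
        print(f"{row['key_bits']:>4} bits: {row['expected_days']:>14.1f} days "
              f"${row['cost_now']:>16,.0f} now, ${row['cost_next_year']:>16,.0f} next year")
```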
On Fri Aug 18 03:51:20 1995: you scribbled...
> Mr. Shank - I'm a bit disappointed by your posting about the RC4-40 crack.
> <stuff deleted>

After following the threads that have gone on after the SSL/RC4 cracking, it seems that we are going about this all wrong. The cypherpunks and Netscape shouldn't be at odds about this event. It would be in everyone's best interest to join forces against the common foe (ITAR), and try to prove to the feds that RC4-40 just plain isn't good enough. For example, if Netscape (or someone else) were to issue a challenge to break an SSL key as fast as possible, and then the cypherpunks did just that in say...a few hours, it could make a very big statement. It seems that one of the problems with Damien's cracking job was that it was "not sanctioned". Look at the WSJ article, they didn't mention his name...they just called him "a hacker". It shows how public opinion still sees groups like the cypherpunks as just that, a bunch of punks. With some "respected" business on our side, it may make a much bigger impact (better publicity, better leverage, etc.). Maybe I'm just dreaming... ...tango...