Time to exhaustively break 40-bit RC4?

Perry E. Metzger perry at imsi.com
Mon Dec 12 16:32:34 PST 1994



Raph Levien says:
> The SSL documents say that exhaustively searching 40 bits of RC4
> keyspace takes 64 MIPS-years. When I brought this figure up at the
> cpunks meeting, it was roundly derided. However, I think it might be a
> sound estimate.

Its not a question of deriding the estimate...

> If the math checks out, they should be able to search keyspace in
> two and a half days.

...its a question of deriding the security of any system that takes so
little time to crack, and thats assuming there are no better attacks
than brute force (yet to be determined). With optimization, you can do
even better than that. With a little bit of hardware (not very much)
you can crack open a 40 bit keyspace with the effort normally reserved
for opening your bathroom door in the morning.

Perry






More information about the cypherpunks-legacy mailing list