Time to exhaustively break 40-bit RC4?

Ian Farquhar ianf at sydney.sgi.com
Mon Dec 12 17:16:20 PST 1994


On Dec 12,  7:31pm, Perry E. Metzger wrote:
> ...it's a question of deriding the security of any system that takes so
> little time to crack, and that's assuming there are no better attacks
> than brute force (yet to be determined). With optimization, you can do
> even better than that. With a little bit of hardware (not very much)
> you can crack open a 40 bit keyspace with the effort normally reserved
> for opening your bathroom door in the morning.

Actually, it's a bit more than a "little bit of hardware".  One of the
interesting realisations of pondering VLSI crackers was how much chip
real-estate storing 2048 bits of largely static internal state required,
disregarding the size of a 2048 bit bus (remember "transistors are cheap,
wires are expensive".)   All transfers would have to be multi-cycle
operations, which adds complexity due to the need to time and synchronise
these transfers.

It's by no means impossible, but the design of such a device is
certainly not a trivial exercise in engineering, and I would never call
the result a "little piece of hardware".

							Ian.
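Added illustration, not part of the thread above: a minimal RC4 (key scheduling plus keystream generation) that makes the 256-byte, 2048-bit state Ian refers to concrete and shows the per-key work (256 key-dependent swaps) an exhaustive search must repeat for every candidate. The search below runs over a constructed 12-bit keyspace only; the 40-bit figure is computed, not searched. The "Key"/"Plaintext" check is the public RC4 test vector; all other keys and messages are constructed for the example.

```python
# Added example (not from the mailing-list thread). Plain RC4 with a
# reduced-keyspace exhaustive search, to quantify the state and per-key cost.

STATE_BYTES = 256  # the permutation S: 256 bytes = 2048 bits of internal state


def state_bits() -> int:
    return STATE_BYTES * 8  # 2048, the figure Ian cites


def rc4_ksa(key: bytes) -> list:
    """Key scheduling: 256 key-dependent swaps build the permutation S."""
    S = list(range(STATE_BYTES))
    j = 0
    for i in range(STATE_BYTES):
        j = (j + S[i] + key[i % len(key)]) % STATE_BYTES
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list, n: int) -> bytes:
    """Keystream generation: one more swap per output byte."""
    S = S[:]  # S is mutated by the generator; work on a copy
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % STATE_BYTES
        j = (j + S[i]) % STATE_BYTES
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % STATE_BYTES])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(rc4_ksa(key), len(data))))


def trials_for_keyspace(key_bits: int) -> int:
    return 1 << key_bits  # 2**40 full KSA runs for the 40-bit case


def brute_force(ciphertext: bytes, known_plaintext: bytes, key_bits: int):
    """Exhaustive known-plaintext search over a small constructed keyspace.
    Every trial repeats the full KSA, which is the cost a hardware cracker
    would have to pay per key while holding the 2048-bit state on chip."""
    key_len = (key_bits + 7) // 8
    n = len(known_plaintext)
    for k in range(trials_for_keyspace(key_bits)):
        key = k.to_bytes(key_len, "big")
        if rc4_encrypt(key, ciphertext[:n]) == known_plaintext:
            return key
    return None  # no key in the searched space matches the known prefix
```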
