Netsacpe's Offical Response
Doug Hughes
Doug.Hughes at Eng.Auburn.EDU
Thu Aug 17 11:27:25 PDT 1995
>So in conclusion, we think RC4-40 is strong enough to protect consumer-level
>credit-card transactions -- since the cost of breaking the message is
>sufficiently high to make it not worth the computer time required to do so
....
....
>Finally, we'd like to reiterate that all this person has done is decrypt
>one single RC4-40 message. RC4 the algorithm and products which use the
>algorithm remain as secure as always.
>
>
>
I disagree with the cost assumptions that it costs $10K. These
are "relatively" imaginary costs. If you already have the machines
(like a lot of universities and corporations) then the marginal
cost of breaking the key is practically nil. The person doing the
cracking certainly doesn't incur any costs. So what if it takes
2 weeks. An evil student/hacker/whatever would be willing to wait two
weeks for a credit card with a $5-$oo limit if he could just use
the machines at night when people might not notice.
Just my $.02
Re: security of RC4 - agreed completely.
More information about the cypherpunks-legacy
mailing list