SSL challenge -- broken !

Hal hfinney at shell.portal.com
Thu Aug 17 12:32:03 PDT 1995


I can see three ways in which RC4-40 is weaker now than it was when it
was approved for "fast track" export approval.

First, of course, computers get faster every year.  So any fixed cipher
becomes relatively weaker as time goes on.

Second, until earlier this year RC4 was secret.  Then it was posted
anonymously to the cypherpunks list and later to sci.crypt.  Before that
time, only a much smaller number of people would have been in a position
to launch an exhaustive search attack.  But now that the source is
public, virtually anyone can try to crack it.  So this is really a very
significant loss of security.  It also illustrates the difficulty in
keeping secrets which will occur due to the kind of technology we
advocate.

Third, there is much more interest now in actually doing massively
parallel encryption attacks.  The RSA-129 project got a lot of publicity,
and it was followed by the attack on the "Blacknet" 384 bit PGP key by a
small private group earlier this year.  People are aware now of how easy
it is to use parallelism in this kind of work, and with the software Adam
Back has worked on this could become even more popular in the future.  So
all this talk about "6,000 MIPS years" will not be as impressive if any
moderately sized hacker group can put that much computing power together
in a few days.

With these changes, RC4-40 has lost a significant amount of the
cryptographic strength it may have had a year or two ago.  It is
certainly time for the exportable key size to be expanded.

Hal






More information about the cypherpunks-legacy mailing list