Re: What benefit would there be in using triple RC4-40?

mgraffam@mhv.net
Mon, 24 Aug 1998 11:19:24 -0400 (EDT)

• Next message: Andy Brown: "Re: What benefit would there be in using triple RC4-40?"
• Previous message: Ian Sparkes: "Re: random number code."
• Next in thread: Jim Gillogly: "Re: What benefit would there be in using triple RC4-40?"

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 24 Aug 1998, Andy Brown wrote:

> Hi,
>
> Does anyone know the level of security that 3-key RC4-40 (or RC2 for
> that matter) would get you? The reason I ask is that I'm having to do
> some development with MS-CAPI right now and outside the USA we only
> have the weak 40-bit RC4 and RC2 to use.

Well, I'm not completely sure how to answer the question because I don't
know what you mean by 'level of security' .. but to give you an idea
of how easy it would be to crack 40-bit RC4, a com sci student from France
did it in like 3 months using CPU time on a bunch of machines at his
school.

By my calculations, I could do it in 4 months (with an average time of 2
months) using every bit of CPU time I have available to me.

Suffice it to say, this is not good. Dump 40-bit crypto (any cipher, be
it RC4 or anything else). Use something with 128 bits, if that means
dumping MS-CAPI, go for it .. 40-bit crypto is garbage. In my opinion,
it is not good even for transferring personal credit card numbers (which
we expect to be low-profit scams). To break 40-bit crypto takes a number
of computers, worth well more than a credit card's limit .. and a whole
bunch of electricity: but I don't pay for either, and I could break it.
The guy in France didn't pay for the CPU time or the electricity either.

I suspect coordination among 2 or 3 high-school students (from different
schools) could yield the number of machines needed to break RC4 in a
reasonable time too.

In 10 years, I'd bet breaking RC4 would make a nice science fair
project.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
Be a munitions trafficker: http://www.dcs.ex.ac.uk/~aba/rsa/rsa-keygen.html

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBNeGEgAKEiLNUxnAfAQFJKgP/bM7BBxHYca/Ujrjvslf/exzktd1ipKN5
T9NoA/LSfaFU4Pj4VmXGZAsE9U7GLaPZ6JvolL9j3x0l3GJNLCdcyeAekp+AiWcU
IIklug+JC4bxMWT++3v2sssDWAaP8Hly3r16BJjCPcUy9QNwIjzM+QWQayboZbwd
aONLzfwrso8=
=ybwl
-----END PGP SIGNATURE-----

• Next message: Andy Brown: "Re: What benefit would there be in using triple RC4-40?"
• Previous message: Ian Sparkes: "Re: random number code."
• Next in thread: Jim Gillogly: "Re: What benefit would there be in using triple RC4-40?"