[539] in WWW Security List Archive
Re: Netscape and 40 bit encryption
daemon@ATHENA.MIT.EDU (wcs@anchor.ho.att.com)
Mon Mar 27 05:09:18 1995
From: wcs@anchor.ho.att.com
Date: Sun, 26 Mar 95 23:08:27 PST
To: davismc@vnet.ibm.com, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I strongly disagree with Mark Davis's contention that 40 bits of key is
adequate for anything of value, even small monetary transactions or
any personal conversations worth keeping private.
Yes, CMDF or RC4 is a lot better than rot13 or analog scrambling.
But I don't want my credit card numbers on it, which is what
SSL and things like it are about - even if I'm only buying
a $29.95 set of Ginsu Editors from the Internet Shopping Channel,
that credit card number can cause thousands of dollar of loss for
somebody if it's stolen (whether it's me or my bank, it's still bad.)
The current best DES-cracker designs cost about $1M for a 4-hour crack,
which is about $100/crack if you can keep it busy for 5 years of amortization.
While CMDF avoids the trivial speedups that would let you crack it
2**16 times as fast as real DES, I still wouldn't be surprised to see CMDF
or RC4 cracking get much faster if somebody outside the NSA wants to try.
It may also be possible to use a DES cracker to precompute a set of
information useful for cracking CMDF - storing 2**40 bits is easy,
and storing even 2**43 bytes is doable.
If Organized Crime weren't an oxymoron, it wouldn't be surprising for
a well-heeled set of bank robbers to start cracking DES-protected
EFT networks for fun and profit, either to rip it off directly
or certainly to provide good money laundering. Sure, maybe a
half-million-dollar custom IC fab run by unknowns would raise a few
eyebrows, but if you've got the cash and speak the language,
it's not _too_ hard to look like a venture capitalist with a
couple bright engineers hoping to do great machine-tool-controllers
or cable-tv set-top-boxes or parallel OCR-accellerators or whatever,
and then the startup goes bust and the assets and engineers
get sold to some other little company and...
A 40-bit version might not even take _organized_ crime to get into
the credit-card fraud business if they can launder the loot adequately.
