[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Encrypted IP tunnels for Europe
From:       padgett () tccslr ! dnet ! mmc ! com (A !  Padgett Peterson, P ! E !  Information Security)
Date:       1995-05-31 14:05:13
[Download RAW message or body]

>>Would anyone like to comment on the security of 40 bit RC2? 

Marcus rites:
>I can probe, say, 40,000 possible DES keys per second.

>	2^40 is 1099511627776
>	divided by my 40,000 probes, gives me 27487790 seconds
>	divided by 60 seconds in a minute is 458129 minutes
>	divided by 60 minutes in an hour is 7635 hours
>	divided by 24 hours in a day is 318 days

Sounds about rite for a good Pentium PC with a 64 bit data path. Major
problem is that it can only do one operation at a time.

>	RC2 is TWICE AS FAST AS DES so these numbers should be
>taken with a grain of salt. So assume that an actual crack
>would take half or slightly less time than I postulate above.

Actually you can expect that *on the average* any code will take about half
the keyspace to crack but the other "halving" is a function of a SISP
machine. Creation of a boolean sieve of an appropriate size will result
in one key test for each machine cycle independant of the algorithm. 

Commercial cascadable processors such as the GAAP or good DSPs could run at 
40 Mhz two years ago and produce an Average Time To Break of 3 1/3 hours for 
a 40 bit key.

>There's a company (Access Technologies, I think it
>is) that has an FPGA-based key tester machine that can test
>150,000,000 DES keys/second on a box that cost $15,000.

Not unreasonable for 1995 - if not limited to DES and capable of being appied
to RC2/40 bit key, the ATTB would drop to well under an hour. Might be a more
suitable test, even at 150 Mc the ATTB for 56 bit DES would still be measured
in years.

>(* I like my head. I had an Arai Superlight.)

Not available when I was racing - have a three inch scar on my forehead
where the Snell-approved Bell Magnum 500 failed to absorb all of the 
shock from the landing (after a short flight) of my BP Corvette.

						Warmly,
							Padgett

[prev in list] [next in list] [prev in thread] [next in thread]