[RC5] Cracking 40 bits in realtime

Matt Perry matt at primefactor.com
Fri Jan 2 10:23:03 EST 1998


You've killed the messenger for the message.  You're assuming that people
will be sniffing out encrypted packets to glean data they shouldn't have.
How do you expect them to know when they have the unencrypted packet?

My suggestion involved people like you and me submitting 40 bit encrypted
message to which we know the plain text.  Just like RSA.  But EVERYONE can
do it.  I'll submit the first and I'll tell you what the first 30
characters of the message are.  Just like RSA.  My neighbours will be
next, submitting their own 40 bit encrypted message to be cracked.

Soon people will get interested.  CNN can submit their own 40 bit
encrypted message and tell us the first 30 characters.  just like RSA.
Wham!  A few hours later.  Cracked.  It's on the news.  Let everyone
submit blocks all day long.  I'm all for a little more participation.

Skip, Take a look at your quote from that senator.  The U.S. can't export
deadbolts right now.  So rather than show that deadbolts can be broken in
a few months or a few years with the d.net crowbar in our d.net test lab,
we can show the the incredibly weak door knob locks we have can be broken
by the d.net crow bar in the d.net test lab in just a few hours if even
that long.

It's like branding in advertising.  If you can repeatedly show people "40
bits is too weak" over and over and over again, soon they won't be able to
get it out of their head.  Burger = McDonald's  Soft Drink = Coke  Tissue
= Kleenex.  40 bits = weak.

We all know this.  But it needs to be extreme common knowledge.  The
average computer guy needs to know 40 bits is too weak just like he knows
8 bit colour isn't good enough.  Just like he knows that a 486 isn't good
enough.  Just like a plain Pentium isn't good enough.  "I have to have
MMX"  Marketing has made these people think that they need the fastest
processer.  Marketing has made these people think they *must* have 24-bit
colour cards, even if they are just writing novels.  Like wise we can do
the same for 40 bit.  But that requires repeating the same message over
and over again.  40 bit is too weak.  40 bit is too weak again.  40 bit is
too weak again.

Matt Perry | matt at primefactor dot com
"After ecstacy, laundry." - Zen writing

On Fri, 2 Jan 1998, Skip Huffman wrote:

> On Thu, 1 Jan 1998 14:49:55 -0500 (EST), Matt Perry wrote:
> 
> >With that kind of power, why not just start cracking 40 bit messges left
> >and right.  Let people submit a 40 bit message they need cracked, send it
> >out across d.net, then email the reply back to the sender (or post it on a
> >web site).
> 
> This is an immoral act.  Just because I can shoplift, does not mean
> that I should.  I unequivocally oppose this suggestion.  I would
> immediatly leave d.net and encourage criminal proceedings upon those
> who engaged in such an enterprise.
> 
> Skip Huffman
> +-------------------------------------------------------------------+
> | Denying millions of law-abiding people the use of a legitimate    |
> | and increasingly necessary security product for "law enforcement" |
> | reasons is like banning deadbolt locks because they make it a     | 
> | little harder to kick down the doors of a few drug dealers.       |
> |             CONRAD BURNS, U.S. Senator (R-Mont.)                  |
> +-------------------------------------------------------------------+ 
> 
> --
> To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
> rc5-digest subscribers replace rc5 with rc5-digest
> 

--
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list