RC4-40 attempt
Outcome of 40 bit RC4 sweep - failure
The full 40 bits of key space were swept.
Here's a copy of the announce of completion, and
hall of fame for contributers.
But, unfortunately nothing was found, though there a couple of reasons
for this:
-
We weren't 100 percent sure that Dan Bailey's supplied ciphertext / plaintext
pair really were correct. This was because there are no openly available
detailed specs for Microsoft Access. We were essentially guessing that
this was straight RC4-40 with no headers or other additional changes.
-
Eeek! There was a bug in the bruterc4.c program which meant that verifiably
keyspace was not being swept on Dec Alphas when the -v option was used.
-
Some people's browsers / windowing systems seem to add spaces to uuencoded
files. At least two people were able to demonstrate that this resulted
in incorrect ciphertext / plaintext!
So maybe a failure in one sense, but still we did come up with the compute
to sweep 40 bits in around 1 weeks of real time. The keys were getting
swept a lot faster towards the end as more people joined in, and as the
jackpot kept getting rolled over so to speak.
However, it is useful from a learning point of view, several mistakes
which were made with were fixed for the SSL breaks.
Also useful from a demonstrational point of view we really did sweep
that much keyspace, and if we had correct plaintext/ciphertext and
there were no bugs in the program (only affected Alpha's we think - possibly
other BSD, and only if -v option was used) we would really have done it.
So we demonstrated that compute to break 40 bit RC4 is easily available.
Comments, html bugs to me (Adam
Back) at <adam@cypherspace.org>