On Fri, Nov 09, 2001 at 12:26:53PM +0800, [EMAIL PROTECTED] wrote: > I was interested if anyone knew of any "specific" case examples where low level > encryption (ie 40bit or lower) has been insufficient to accommodate in the safe > passage of financial data to and from clients.....
Any financial institution that was so embarrased would probably hush it up as much as possible, because it would hurt them very badly. The PR flak aside, it only requires you to do a little math. 40 bit keys you say? 2^40 ~ 1 trillion keys. Think about it. These days you have processors that run at gigahertz speeds. An average Athlon or Pentium IV processor could break such a key in only a few hours. It would take only seconds if you had an FPGA or were willing to invest in custom hardware of some sort. A cluster of several Athlons or P4's would do just as well if you wanted an answer sooner than a few hours. Of course it's been done before, just that the stupidity of someone who used such short keys was not great enough to let the whole world know of their stupidity. And anyone who pulled it off would surely have been smart enough not to tell anyone. -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, Inter.Net Philippines +63(917) 4458925 http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
