KEY
CHALLENGE
Late Tuesday evening a person from France posted a news article to the
hacker community claiming success at decrypting a single encrypted
message that had been posted as a challenge on
the Internet sometime on or before July 14, 1994. His response to
questions about his posting has also been placed on the Internet.
What this person did is decrypt one message that was encrypted using
the RC4 algorithm and a 40-bit key. He used 120 workstations and two
parallel supercomputers at three major research centers for 8 days to
do so. As many have documented, including Netscape, a single RC4
40-bit encrypted message takes 64 MIPS-years of processing power to
break, and this roughly corresponds to the amount of computing power
that was used to decrypt the message.
Important points to understand:
- He broke a single encrypted message. For him to break
another message (even from the same client to the same server
seconds later) would require *another* 8 days of 120 workstations
and two parallel supercomputers. The work that goes into breaking
a single message can't be leveraged against other messages. Every
message uses a different encryption key.
- The standard way to judge the level of security of
any encryption scheme is to compare the cost of breaking it versus
the value of the information that can be gained. In this case he
had to use at least $10,000 worth of computing power (ballpark
figure for having access to 120 workstations and two parallel
supecomputers for 8 days) to break a single message. Assuming the
message is protecting something of less value than $10,000, then
this information can be protected with only RC4 40-bit security. For
information of greater value, currently available RC4 128-bit security
should be used.
- Inside the US, software can support a range of stronger encryption
options, including RC4 128-bit, which is 2^88 times harder to decrypt.
Meaning that the compute power required to decrypt such a message would
be more than 1,000,000,000,000 (trillion) times greater than that which
was used to decrypt the RC4 40-bit message. This means that with forseeable
computer technology it would be practically impossible.
In conclusion, we think RC4 40-bit is strong enough to protect
consumer-level credit-card transactions -- since the cost of decrypting
the message is sufficiently high to make it not worth the computer time
required to do so -- and that our customers should use higher levels of
security, particularly RC4 128-bit, whenever possible. This level of
security has been available in the U.S. versions of our products since
last April. Because of export controls it has not been available
outside the U.S. We would appreciate your support in lobbying the U.S.
government to lift the export controls on encryption. If you'd like to
help us lobby the government send email to export@netscape.com.
Finally, we'd like to reiterate that all this person has done is
decrypt one single RC4 40-bit message. RC4 the algorithm and products which
use the algorithm remain as secure as always. If you would like more
detailed information about this event or a more thorough technical
understanding of the issues involved continue
here.
Corporate Sales: 415/937-2555; Personal Sales: 415/937-3777; Government Sales: 415/937-3678
If you have any questions, please visit Customer Service.
Copyright � 1997 Netscape Communications
Corporation