Cypherpunks "brute" key cracking ring

Hal's second challenge has been CRACKED

The next crack was organised on mainland Europe, breaking the RSA 48 bit RC5 challenge in 280 hours. There are currently two sets of web pages (soon to merge I hope), a mostly German one, requiring large Netscape windows, known as challenge and a tri-lingual, lynx (and Netscape) friendly rsa_clng

There also appears to be another attempt being run from, and maybe one at

In order to demonstrate that the various export weakened crypto systems are too insecure to be used for secure commerce and business applications, this project was started to show this by breaking examples sessions. It is the sucessor to Adam's brute-rc4.html page and makes use of a new protocol which allows hosts with full internet access to directly communicate with the system without needing to use the WWW and cut&paste.

Last Projects

SSL (Secure Socket Layer) as used in the netscape secure WWW browser which has been vaunted as a mechanism for securing financial transactions, and commerical data through WWW. In its export restricted form, SSL uses 128 bit keys with 88 bits known, leaving a key search space of 40 bits. 40 bits is an insecurely small search space, for reasonable security; something like 128 bits would be much more reasonable.

Hal's first challenge has been cracked, so we moved on to his second which took 114456 seconds (31.8 hours). The PRIZE of Cyberbucks, the currency used in the DigiCash ecash trial [IMAGE: we accept ecash] has been allocated -- donations still greatfully accepted (100 c$ = 5 US$).

Hal has not yet generated a third challenge, so in the meantime, why not grab the latest copy of brutessl, brclient and brwork (which used to be "brloop"), and test it out (see "brwork -h"). If you have a CPU Farm, see also which allows you to run a local key allocation and ACK server (e.g. for use behind firewalls, or sites not permanently Internet connected).

Donating your CPU time

There are several ways to donate your CPU time, all that you require is a computer with an ANSI C compiler (also executables are supplied for DOS, Windows 95 and NT), and some spare compute time.

The software has been shown to run on PC compatibles, powerMACs, and numerous unix machines.

Step by step how to

Read the how to, everything explained step by step in full detail, what to down load, how to install, how to setup, how to use the socket client, how to use the WWW server.


You can collect brutessl.tar.gz version 1.03 to allow you to build the code to brute attack SSL. The only changes from 1.0 is to allow it to use the same args as bruterc4 when using brloop, and to go 60% faster on ALPHAs (by using ints instead of chars for RC4). For binaries etc, see the sources page.

Socket based key doler

If you have direct IP connectivity (or slip/ppp with autodial on use), you will be able to use the SKSP socket server. This will mean that you can start up the bruting software as a low priority background job on your workstation(s) and leave it to crunch unattended. Your client program will report back keyspace swept, and request more work automatically.

A perl socket based client code (use at least brc0.8) is available for UNIX systems. brloop is a shell wrapper which plugs together brclient and brutessl to keep chugging away at cracking. It is a shell script so that more people can read it to see what it actually does, and to allow then to tweak it -- e.g. there is a shell procedure testproc which decides whether to do some more work, sleep for a bit (maybe the machine is in use), or exit. This and other facilities can be tailored using .brloop.rc -- mine has the line
tailored=true BRCLIENT="Piete Brooks" BRID="" checkcmds=false
A Windows NT / Windows 32 socket based client is also available.

WWW based key doler

If you are unable to use the Socket based key doler, a second-class interface is provided through WWW forms, which allow you to request keyspace to search, report keyspace swept (and key if you hit the jackpot) and inspect the current status of the search. However, this requires user intervention, cut and paste, etc, so should only be used if you cannot use the Socket based key doler.
Comments, html bugs to me (Piete Brooks) at <>