Outcome of 40 bit RC4 sweep - failure
The full 40 bits of key space were swept.
Here's a copy of the announce of completion, and
hall of fame for contributers.
But, unfortunately nothing was found, though there a couple of reasons
So maybe a failure in one sense, but still we did come up with the compute
to sweep 40 bits in around 1 weeks of real time. The keys were getting
swept a lot faster towards the end as more people joined in, and as the
jackpot kept getting rolled over so to speak.
We weren't 100 percent sure that Dan Bailey's supplied ciphertext / plaintext
pair really were correct. This was because there are no openly available
detailed specs for Microsoft Access. We were essentially guessing that
this was straight RC4-40 with no headers or other additional changes.
Eeek! There was a bug in the bruterc4.c program which meant that verifiably
keyspace was not being swept on Dec Alphas when the -v option was used.
Some people's browsers / windowing systems seem to add spaces to uuencoded
files. At least two people were able to demonstrate that this resulted
in incorrect ciphertext / plaintext!
However, it is useful from a learning point of view, several mistakes
which were made with were fixed for the SSL breaks.
Also useful from a demonstrational point of view we really did sweep
that much keyspace, and if we had correct plaintext/ciphertext and
there were no bugs in the program (only affected Alpha's we think - possibly
other BSD, and only if -v option was used) we would really have done it.
So we demonstrated that compute to break 40 bit RC4 is easily available.
Comments, html bugs to me (Adam
Back) at <firstname.lastname@example.org>