RC4-40 attempt

Outcome of 40 bit RC4 sweep - failure

The full 40 bits of key space were swept.

Here's a copy of the announce of completion, and hall of fame for contributers.

But, unfortunately nothing was found, though there a couple of reasons for this:

We weren't 100 percent sure that Dan Bailey's supplied ciphertext / plaintext pair really were correct. This was because there are no openly available detailed specs for Microsoft Access. We were essentially guessing that this was straight RC4-40 with no headers or other additional changes.
Eeek! There was a bug in the bruterc4.c program which meant that verifiably keyspace was not being swept on Dec Alphas when the -v option was used.
Some people's browsers / windowing systems seem to add spaces to uuencoded files. At least two people were able to demonstrate that this resulted in incorrect ciphertext / plaintext!

So maybe a failure in one sense, but still we did come up with the compute to sweep 40 bits in around 1 weeks of real time. The keys were getting swept a lot faster towards the end as more people joined in, and as the jackpot kept getting rolled over so to speak.

However, it is useful from a learning point of view, several mistakes which were made with were fixed for the SSL breaks.

Also useful from a demonstrational point of view we really did sweep that much keyspace, and if we had correct plaintext/ciphertext and there were no bugs in the program (only affected Alpha's we think - possibly other BSD, and only if -v option was used) we would really have done it.

So we demonstrated that compute to break 40 bit RC4 is easily available.

Comments, html bugs to me (Adam Back) at <adam@cypherspace.org>