OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Non-PK encryption not vulnerable via low key length?!

Re: Non-PK encryption not vulnerable via low key length?!

Perry E. Metzger (perryimsi.com)
Sat, 18 Mar 1995 12:07:06 -0500

"John B. Brown" says:
> > This is the crux of the matter. RC2 and RC4 are _not_ public key systems. 
> > They are conventional secret key algorithms, in the same class as DES or 
> > IDEA.
> 
> 	If they are in the same class as DES, then they are in
> BIG trouble! The $1M machine proposed by Michael J. Weiner in
> `Efficient DES Key Search' does in DES in 3.5 hours. according
> to the 'math'.

Saying that they are conventional cryptosystems like DES does not
imply that a the Weiner & Oorschot machine could be used against
them. In particuler, specialty DES hardware is useless against other
systems, but even more importantly, key length is (potentially) much
longer for RC2 and RC4, and every bit added to the key doubles the
time for a brute force attack.

.pm