TUCoPS :: Crypto :: ntscpcrk.txt

Netscape Security has been cracked with $584 worth of computer time on a graphics workstation!

MIT Student Uses ICE Graphics Computer

To Break Netscape Security in Less Than 8 Days

Cost to crack Netscape security falls from $10,000 to $584

CAMBRIDGE, Mass., January 10, 1996 -- An MIT undergraduate and part-time
programmer used a single $83,000 graphics computer from Integrated Computing
Engines (ICE) to crack Netscape's export encryption code in less than eight
days. The effort by student Andrew Twyman demonstrated that ICE's advances
in hardware price/performance ratios make it relatively inexpensive -- $584
per session -- to break the code.

While being an active proponent of stronger export encryption, Netscape
Communications (NSCP), developer of the SSL security protocol, has said that
to decrypt an Internet session would cost at least $10,000 in computing time.

Twyman used the same brute-force algorithm as Damien Doligez, the French
researcher who was one of the first to crack the original SSL Challenge.
The challenge presented the encrypted data of a Netscape session, using the
default exportable mode, 40-bit RC4 encryption.  Doligez broke the code in
eight days using 112 workstations.

"The U.S. government has drastically underestimated the pace of technology
development," says Jonas Lee, ICE's general manager.  "It doesn't take a
hundred workstations more than a week to break the code -- it takes one ICE
graphics computer. This shuts the door on any argument against stronger
export encryption."

Breaking the code relies more on raw computing power than hacking expertise.
Twyman modified Doligez's algorithm to run on ICE's Desktop RealTime Engine
(DRE), a briefcase-size graphics computer that connects to a PC host to
deliver performance
of 6.3 Gflops (billions of floating point instructions per second).
According to Twyman, the program tests each of the trillion 40-bit keys
until it finds the correct one. Twyman's program averaged more than 830,000
keys per second, so it would take 15 days to test every key.  The average
time to find a key, however, was 7.7 days.  Using more than 100
workstations, Doligez averaged 850,000 keys per second.ICE used the
following formula to determine its $584 cost of computing power: the total
cost of the computer divided by the number of days in a three-year lifespan
(1,095), multiplied by the number of days (7.7) it takes to break the code.

ICE's Desktop RealTime Engine combines the power of a supercomputer with the
price of a workstation.  Designed for high-end graphics, virtual reality,
simulations and compression, it reduces the cost of computing from $160 per
Mflop (millions of floating point instructions per second) to $13 per Mflop.
ICE, founded in 1994, is the exclusive licensee of MeshSP technology from
the Massachusetts Institute of Technology (MIT).


460 Totten Pond Road, 6th Floor
Waltham, MA 02154
Voice: 617-768-2300, Fax: 617-768-2301


Bob Cramblitt, Cramblitt & Company
(919) 481-4599; cramco@interpath.com

Jonas Lee, Integrated Computing Engines
(617) 768-2300, X1961; jonas@iced.com

Note: Andrew Twyman can be reached at kurgan@mit.edu.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH