|
MIT Student Uses ICE Graphics Computer To Break Netscape Security in Less Than 8 Days Cost to crack Netscape security falls from $10,000 to $584 CAMBRIDGE, Mass., January 10, 1996 -- An MIT undergraduate and part-time programmer used a single $83,000 graphics computer from Integrated Computing Engines (ICE) to crack Netscape's export encryption code in less than eight days. The effort by student Andrew Twyman demonstrated that ICE's advances in hardware price/performance ratios make it relatively inexpensive -- $584 per session -- to break the code. While being an active proponent of stronger export encryption, Netscape Communications (NSCP), developer of the SSL security protocol, has said that to decrypt an Internet session would cost at least $10,000 in computing time. Twyman used the same brute-force algorithm as Damien Doligez, the French researcher who was one of the first to crack the original SSL Challenge. The challenge presented the encrypted data of a Netscape session, using the default exportable mode, 40-bit RC4 encryption. Doligez broke the code in eight days using 112 workstations. "The U.S. government has drastically underestimated the pace of technology development," says Jonas Lee, ICE's general manager. "It doesn't take a hundred workstations more than a week to break the code -- it takes one ICE graphics computer. This shuts the door on any argument against stronger export encryption." Breaking the code relies more on raw computing power than hacking expertise. Twyman modified Doligez's algorithm to run on ICE's Desktop RealTime Engine (DRE), a briefcase-size graphics computer that connects to a PC host to deliver performance of 6.3 Gflops (billions of floating point instructions per second). According to Twyman, the program tests each of the trillion 40-bit keys until it finds the correct one. Twyman's program averaged more than 830,000 keys per second, so it would take 15 days to test every key. The average time to find a key, however, was 7.7 days. Using more than 100 workstations, Doligez averaged 850,000 keys per second.ICE used the following formula to determine its $584 cost of computing power: the total cost of the computer divided by the number of days in a three-year lifespan (1,095), multiplied by the number of days (7.7) it takes to break the code. ICE's Desktop RealTime Engine combines the power of a supercomputer with the price of a workstation. Designed for high-end graphics, virtual reality, simulations and compression, it reduces the cost of computing from $160 per Mflop (millions of floating point instructions per second) to $13 per Mflop. ICE, founded in 1994, is the exclusive licensee of MeshSP technology from the Massachusetts Institute of Technology (MIT). ### INTEGRATED COMPUTING ENGINES, INC. 460 Totten Pond Road, 6th Floor Waltham, MA 02154 Voice: 617-768-2300, Fax: 617-768-2301 FOR FURTHER INFORMATION CONTACT: Bob Cramblitt, Cramblitt & Company (919) 481-4599; cramco@interpath.com Jonas Lee, Integrated Computing Engines (617) 768-2300, X1961; jonas@iced.com Note: Andrew Twyman can be reached at kurgan@mit.edu.