Talk:40-bit encryption

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Low-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Cryptography: Computer science Low‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Low This article has been rated as Low-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Low-importance). Computer science Low‑importance This article is within the scope of WikiProject Computer science, a collaborative effort to improve the coverage of Computer science related articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer scienceWikipedia:WikiProject Computer scienceTemplate:WikiProject Computer scienceComputer science articles Low This article has been rated as Low-importance on the project's importance scale. Things you can help WikiProject Computer science with: Here are some tasks awaiting attention: Article requests : Requested articles/Applied arts and sciences/Computer science, computing, and Internet Cleanup : Computer science articles needing attention Computer science articles needing expert attention Copyedit : Computing Expand : Computer science Infobox : Computer science articles without infoboxes Maintain : Timeline of computing 2020–present Photo : Find pictures for the biographies of computer scientists (see List of computer scientists) Computing articles needing images Stubs : Computer science stubs Unreferenced : WikiProject Computer science/Unreferenced BLPs Project-related : Tag all relevant articles in Category:Computer science and sub-categories with {{WikiProject Computer science}}

Feel free to correct me if I'm wrong, but isn't DES in reality a 40-bit encryption standard? I know it actually has 56 bits, but my understanding was that for various reasons it really only offered 40 bits of encryption, and so is generally referred to as a 40 bit encryption method? Even the version of this page prior to my edit cited Deep Crack as being able to break 40 bit encryption rediculously fast (though I think it was very wrong on the time taken), and again, my understanding was that Deep Crack was built for DES and nothing else, so why was it referred to in an article on 40 bit encryption?

Deep Crack is the only dedicated brute force machine built for key search that we have the details about; I think the reason the machine is mentioned is that, when considering a key-size, it's useful to consider how well Deep Crack would perform given keys of that length. The machine was designed to be able attack up to the full 56 bits of DES. As a standard, DES accepts a 64-bit key; however, 8 bits are discarded as "parity bits" (well, that's the explanation given, anyway!), leaving 56 bits, the number usually quoted. Have a look at the references at the end of DES if you'd like to check up on this. There are theoretical attacks on DES that take an amount of time equivalent to brute forcing around 39-43 bits, but these aren't practical in any real-world-security sense. — Matt 13:50, 17 Sep 2004 (UTC)

Ah, yes, looks like I was mistaken, DES is 56 bit encryption out of a 64 bit key, not 40 out of 56 like I somehow mistakenly thought. I'd checked the Deep Crack entry before submitting, but didn't think to double check DES. Oh well, looks like 40 bit encryption really is as rediculously weak as was stated.

Yeah, it's pretty bad! If Deep Crack takes an average of 4.5 days to break a 56-bit key, then 40-bits would take less than 6.0 seconds by my calculation...— Matt 14:16, 17 Sep 2004 (UTC)

I won't get into a revert war, but I have to mention how stupid it would be to build something like Deep Crack to brute force 40 bits (it's an FPGA so the DES Deep Crack can't be easily reused). It's the proverbial hammer and nut. Far from showing how weak 40 bits is, it gives the uninformed reader the impression that expensive hardware is needed to break it quickly. A farm of COTS can probably do it in an hour for a couple thousand bucks, and you don't really need to be any faster than that unless you're in a bad, bad John Travolta movie. Arvindn 16:54, 3 January 2007 (UTC)[reply]

Good work rewriting the 128 bit stuff BTW. Arvindn 17:01, 3 January 2007 (UTC)[reply]

The information about how long it takes to break a key on typical hardware available at the time is time-sensitive and constantly changing (by a factor of 2 every 18-24 months, if Moore's law is anything to go by). Therefore quoting any time value is very time-sensitive and doesn't make sense outside of the context of what year we are referring to. I suspect it may be out of date. In particularly, the sentence "On a typical home computer, a 40-bit key can be broken in a little under two weeks, testing a million keys per second" appears dated. If this fact comes from a few years ago, then the timeframe my be reduced to just a day or two by now, and in a few more years may be a matter of hours. mmj (talk) 05:22, 31 October 2008 (UTC)[reply]

I've edited it to make it less time-sensitive, though it could still benefit from a more recent source. For instance, something that says "It was found that a 40-bit key can now be broken in X hours by X computer (ie Intel Core 2 Quad @ 3.2GHz)" mmj (talk) 04:16, 8 January 2009 (UTC)[reply]

This is a matter of seconds (or milliseconds) now. Also, the assertion that web browsers require 128-bit encryption seems a bit suspect. Perhaps this whole page should be rephrased to be more historical in its tone: "When export of stronger encryption was legalized in the US, 40-bit keys could be cracked on consumer hardware in a matter of weeks" or whatever Schneier said. I don't have a copy of Applied Cryptography handy. — Preceding unsigned comment added by 173.48.49.222 (talk) 20:48, 22 February 2018 (UTC)[reply]