In 1995, Hal issued an SSL challenge to see if people could crack a single SSL conversation. Using computers from 1995, it took 32 hours.
SSL challenge virtual press conference
Did you think you'd be able to break it so soon ? Or did it take longer than you estimated ?
The technique I used doesn't leave much room for surprise. I knew I would get the result in at most 15 days, with an expected average of 8 days. The actual time was the same as the expected time because the result was almost exactly in the middle of the search space. It could have taken only a few minutes (if I was extremely lucky) or the whole 15 days (if I was unlucky). The only way I would not have gotten a result within 15 days was if my program had a bug.
I think it's important to note that some of these (actually) 112 machines are quite old, and I could have done the job just as fast with 30 of the fastest workstation that we have (a DEC alphastation, which cost us little more that $10000). According to some letters I got, a MasPar machine would be about twice as fast. You would get roughly the same speed as I did on a network of 40 to 50 high-end Pentium(R) PCs.
Info on the CRACKing of Hal's second challenge
After 114456 seconds (31h 47m 36s) at 01:48:04 on 26th August 1995, Pete Wenzel reported that he had found the key - 9636340d46.
Pentiums hit a max speed of around 90Mhz in 1995 (according to cpu-museum.de). The current crop of computers is around 30 times faster. Top500.org's current list of the Top500 computers says that the current top computer can reach 70.72 teraflops of processing power. A P1 133Mhz is about 23 megaflops (FLOPS benchmark in Forth).
Okay, so let's say take 40 P1 133's at 23 megaflops each, that's 920 megaflops.
70.72 teraflops / 920 megaflops = 76,869.57
70,720,000,000,000 / 920,000,000 = 76,869.57
The world's fastest computer is 76,869.57 (approx) times faster than a cluster of computers that could crack SSL in on average 8 days or less.
8 days * 24 hours * 60 minutes = 11,520 minutes.
11,520 / 76,869.57 = 6.67 minutes
That's 1 SSL connection cracked every 7 minutes.
We've gone from 8 days on average to less than 8 minutes.
Okay, that's supercomputers (which the government may very well own), but what about home computers? After all, the original test was conducted on home computers.
It took a cluster of 40-50 P 90's 8 days to crack SSL. A top of the line home computer is about 30 times faster than a P90, so it would take you a little over 8 days to crack SSL on your home computer, let's say 2 weeks. 14 home computers networked together could crack SSL in a single day.
Discuss this
article in the Forum.
|