MarkTAW.com
How long does it take to crack SSL?
I was talking to some people a while back about how long it would take to crack SSL and whether or not the governmeng could realistically crack any consumer grade secure communication it wanted to in real time.

In 1995, Hal issued an SSL challenge to see if people could crack a single SSL conversation. Using computers from 1995, it took 32 hours.

SSL challenge virtual press conference

Did you think you'd be able to break it so soon ? Or did it take longer than you estimated ?

The technique I used doesn't leave much room for surprise. I knew I would get the result in at most 15 days, with an expected average of 8 days. The actual time was the same as the expected time because the result was almost exactly in the middle of the search space. It could have taken only a few minutes (if I was extremely lucky) or the whole 15 days (if I was unlucky). The only way I would not have gotten a result within 15 days was if my program had a bug.

I think it's important to note that some of these (actually) 112 machines are quite old, and I could have done the job just as fast with 30 of the fastest workstation that we have (a DEC alphastation, which cost us little more that $10000). According to some letters I got, a MasPar machine would be about twice as fast. You would get roughly the same speed as I did on a network of 40 to 50 high-end Pentium(R) PCs.

Info on the CRACKing of Hal's second challenge

After 114456 seconds (31h 47m 36s) at 01:48:04 on 26th August 1995, Pete Wenzel reported that he had found the key - 9636340d46.

Pentiums hit a max speed of around 90Mhz in 1995 (according to cpu-museum.de). The current crop of computers is around 30 times faster. Top500.org's current list of the Top500 computers says that the current top computer can reach 70.72 teraflops of processing power. A P1 133Mhz is about 23 megaflops (FLOPS benchmark in Forth).

Okay, so let's say take 40 P1 133's at 23 megaflops each, that's 920 megaflops.

70.72 teraflops / 920 megaflops =  76,869.57
70,720,000,000,000 / 920,000,000 = 76,869.57

The world's fastest computer is 76,869.57 (approx) times faster than a cluster of computers that could crack SSL in on average 8 days or less.

8 days * 24 hours * 60 minutes = 11,520 minutes.

11,520 / 76,869.57 = 6.67 minutes

That's 1 SSL connection cracked every 7 minutes.

We've gone from 8 days on average to less than 8 minutes.

Okay, that's supercomputers (which the government may very well own), but what about home computers? After all, the original test was conducted on home computers.

It took a cluster of 40-50 P 90's 8 days to crack SSL. A top of the line  home computer is about 30 times faster than a P90, so it would take you a little over 8 days to crack SSL on your home computer, let's say 2 weeks. 14 home computers networked together could crack SSL in a single day.

Discuss this article in the Forum.

I admit that this article is a little crackpot and uses a bunch of pseudo-math, but I think it makes the point fairly well.

A timely article on Slashdot called Fun with Prime Numbers emphasizes how easy it is to find primes (which are used in public key encryption).

Schneier on Security: SHA-1 Broken
   
     
   
     
       
Main Navigation
Home Rants
Music Recording
New York Reviews
Design Technology
Getting Things Done
Culture, Media & Politics
   
Forum  
Printable Version of This Page
   
Search
MarkTAW.com   Web
 
10 Latest Articles in all Categories
Moving
The Google Proxy
What to do with your life
Why Most Businesses Fail (A Theoretical Model)
Books
Random Happy Gibberish
Alternate Reality: The City Competition
Prof. Miller's In-class Assignment for Wednesday.
@Waiting
SyncBackSE - The Ultimate Backup Tool
 
About This Site
About Me About The Site
Contact Me Disclaimer
Forum Links
Pettycoat RSS Feed
   
All contents Copyright Mark Wieczorek. Header photography by Diana Yee.
Page Created on Nov 09, 2004 last updated Feb 16, 2005
Site updated Feb 14, 2007