Editing 40-bit encryption (section)

==Description==
A typical home computer in 2004 could brute-force a 40-bit key in a little under two weeks, testing a million keys per second; modern computers are able to achieve this much faster.  Using free time on a large corporate network or a [[botnet]] would reduce the time in proportion to the number of computers available.{{sfn|Schneier|1996|p=154}} With dedicated hardware, a 40-bit key can be broken in seconds. The [[Electronic Frontier Foundation]]'s [[Deep Crack]], built by a group of enthusiasts for US$250,000 in 1998, could break a 56-bit [[Data Encryption Standard]] (DES) key in days,{{sfn|EFF-1998}} and would be able to break [[CDMF|40-bit DES]] encryption in about two seconds.{{sfn|Schneier|1996|p=153}}

40-bit encryption was common in software released before 1999, especially those based on the [[RC2]] and [[RC4]] algorithms which had special "7-day" export review policies,{{Citation needed|date=November 2014}} when algorithms with larger key lengths could not legally be [[Export of cryptography from the United States|exported]] from the United States without a case-by-case license.  "In the early 1990s&nbsp;... As a general policy, the State Department allowed exports of commercial encryption with 40-bit keys, although some software with DES could be exported to U.S.-controlled subsidiaries and financial institutions."{{sfn|Grimmett|2001|p=}}{{sfn|Schneier|1996|p=615}} As a result, the "international" versions of [[web browser]]s were designed to have an effective key size of 40 bits when using [[Secure Sockets Layer]] to protect [[e-commerce]]. Similar limitations were imposed on other software packages, including early versions of [[Wired Equivalent Privacy]]. In 1992, [[IBM]] designed the [[CDMF]] algorithm to reduce the strength of [[56-bit encryption|56-bit]] DES against brute force attack to 40 bits, in order to create exportable DES implementations.