40-bit encryption
{{Short description|Key size for symmetric encryption}}
{{Use mdy dates|date=July 2011}}
'''40-bit encryption''' refers to a (now broken) [[key size]] of forty bits, or five [[byte]]s, for [[symmetric encryption]]; this represents a relatively low [[level of security]]. A forty bit length corresponds to a total of 2<sup>40</sup> possible keys. Although this is a large number in human terms (about a [[1000000000000 (number)|trillion]]), it is possible to break this degree of encryption using a moderate amount of computing power in a [[brute-force attack]], ''i.e.'', trying out each possible key in turn.

==Description==
A typical home computer in 2004 could brute-force a 40-bit key in a little under two weeks, testing a million keys per second; modern computers are able to achieve this much faster. Using free time on a large corporate network or a [[botnet]] would reduce the time in proportion to the number of computers available.{{sfn|Schneier|1996|p=154}} With dedicated hardware, a 40-bit key can be broken in seconds. The [[Electronic Frontier Foundation]]'s [[Deep Crack]], built by a group of enthusiasts for US$250,000 in 1998, could break a 56-bit [[Data Encryption Standard]] (DES) key in days,{{sfn|EFF-1998}} and would be able to break [[CDMF|40-bit DES]] encryption in about two seconds.{{sfn|Schneier|1996|p=153}}

40-bit encryption was common in software released before 1999, especially those based on the [[RC2]] and [[RC4]] algorithms which had special "7-day" export review policies,{{Citation needed|date=November 2014}} when algorithms with larger key lengths could not legally be [[Export of cryptography from the United States|exported]] from the United States without a case-by-case license. "In the early 1990s ... As a general policy, the State Department allowed exports of commercial encryption with 40-bit keys, although some software with DES could be exported to U.S.-controlled subsidiaries and financial institutions."{{sfn|Grimmett|2001|p=}}{{sfn|Schneier|1996|p=615}}

As a result, the "international" versions of [[web browser]]s were designed to have an effective key size of 40 bits when using [[Secure Sockets Layer]] to protect [[e-commerce]]. Similar limitations were imposed on other software packages, including early versions of [[Wired Equivalent Privacy]]. In 1992, [[IBM]] designed the [[CDMF]] algorithm to reduce the strength of [[56-bit encryption|56-bit]] DES against brute force attack to 40 bits, in order to create exportable DES implementations.

==Obsolescence==
All 40-bit and 56-bit encryption algorithms are [[obsolete]], because they are vulnerable to brute force attacks, and therefore cannot be regarded as secure.<ref>{{cite web|last1=University of California at Berkeley Public Information Office|title=The only legally exportable cryptography level is totally insecure; UC Berkeley grad student breaks challenge cipher in hours|url=http://www.berkeley.edu/news/media/releases/97legacy/code.html|publisher=The Regents of the University of California|access-date=2015-12-14|date=1997-01-29|quote=This is the final proof of what we've known for years: 40-bit encryption technology is obsolete.}}</ref><ref>{{cite web|author1=Fitzmaurice, Ellen|author2=Tamaki, Kevin|title=Decoding the Encryption Debate: U.S. export restrictions and 'key recovery' policies are ineffectual as well as burdensome to business|url=https://www.latimes.com/archives/la-xpm-1997-06-01-me-64597-story.html|website=Los Angeles Times|access-date=2015-12-14|date=1997-06-01|quote=But recent advances in computing technology have rendered 40-bit encryption dangerously weak and export limits commercially obsolete.}}</ref> As a result, virtually all Web browsers now use 128-bit keys, which are considered strong. Most [[Web server]]s will not communicate with a client unless it has 128-bit encryption capability installed on it.

Public/private key pairs used in [[asymmetric encryption]] (public key cryptography), at least those based on prime factorization, must be much longer in order to be secure; see [[key size]] for more details.

As a general rule, modern symmetric encryption algorithms such as [[Advanced Encryption Standard|AES]] use key lengths of 128, 192 and 256 bits.

==See also==
*[[56-bit encryption]]
*[[Content Scramble System]]

==Footnotes==
{{Reflist}}

==References==
{{Refbegin}}
*{{cite web|url=https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html|title=Frequently Asked Questions (FAQ) About the Electronic Frontier Foundation's "DES Cracker" Machine|publisher=Electronic Frontier Foundation|date=16 July 1998|access-date=23 Mar 2012|ref={{SfnRef|EFF-1998}}|archive-url=https://web.archive.org/web/20120918165854/http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html|archive-date=September 18, 2012|url-status=dead|df=mdy-all}}
*{{cite report|url=http://www.au.af.mil/au/awc/awcgate/crs/rl30273.pdf|format=pdf|title=Encryption Export Controls|first=Jeanne J.|last=Grimmett|series=Congressional Research Service Report RL30273|year=2001|access-date=July 26, 2011|archive-date=February 28, 2019|archive-url=https://web.archive.org/web/20190228095041/http://www.au.af.mil/au/awc/awcgate/crs/rl30273.pdf|url-status=dead}}
*{{cite book|last=Schneier|first=Bruce|title=Applied Cryptography|edition=Second|publisher=John Wiley & Sons|year=1996|isbn=0-471-11709-9}}
{{Refend}}

[[Category:Symmetric-key cryptography]]
[[Category:History of cryptography]]
[[Category:Encryption debate]]
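
The audit below is an added example, not part of the article or of any project it cites. It flags cipher suites whose effective key strength falls below the 128-bit floor described under Obsolescence, and estimates the worst-case exhaustive-search time at the article's 2004 rate of a million keys per second. The entries in `SAMPLE` are constructed, in the dictionary shape returned by Python's `ssl.SSLContext.get_ciphers()`; the helper names are hypothetical.

```python
import ssl

RATE_2004 = 1_000_000  # keys per second: the article's 2004 home-computer figure


def exhaustive_search_seconds(key_bits, keys_per_second=RATE_2004, machines=1):
    """Worst-case time to try all 2**key_bits keys; shrinks in proportion to machines."""
    return (1 << key_bits) / (keys_per_second * machines)


def human(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("seconds", 1))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3g} seconds"


def audit_ciphers(ciphers, min_bits=128):
    """Return (name, effective_bits, worst_case_time) for suites below min_bits.

    'strength_bits' is the effective key size; for export suites it is smaller
    than 'alg_bits', the nominal key size of the algorithm.
    """
    findings = []
    for c in ciphers:
        bits = c["strength_bits"]
        if bits < min_bits:
            findings.append((c["name"], bits, human(exhaustive_search_seconds(bits))))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample entries (only the keys the audit reads are included).
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256, "alg_bits": 256},
    {"name": "DES-CBC-SHA", "strength_bits": 56, "alg_bits": 56},
    {"name": "AES128-SHA", "strength_bits": 128, "alg_bits": 128},
    {"name": "EXP-RC4-MD5", "strength_bits": 40, "alg_bits": 128},
]

if __name__ == "__main__":
    for name, bits, worst in audit_ciphers(SAMPLE):
        print(f"{name}: {bits}-bit effective key, exhausted in {worst} at 1M keys/s")
    # The same audit against the suites this interpreter's default context enables.
    local = ssl.create_default_context().get_ciphers()
    print(len(audit_ciphers(local)), "suites below 128 bits in the local default context")
```
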