How to get a lot of computing power for a small cost
Is it 100 MIPS-years, or 64 MIPS-years ?
Netscape says it takes 64 MIPS-years to crack an SSL/export session,
while I say it takes 100 MIPS-years. Why the contradiction ? There
is no contradiction. The MIPS is a very fuzzy unit of measure, and
you can't really say that figures of 64 and 100 are in disagreement.
My figure is a nice round number in decimal, while theirs is a nice
round number in binary.
If you buy the computing time
Netscape says it will cost $10,000.
If you buy the computers
If you buy 50 Pentium-100
motherboards with power supplies, network cards, and 4 MB of
memory, with no disk, display, keyboard or mouse, you'll be able to
get them for about $1,000 each (figure courtesy of Bill Sommerfeld).
You'll get 50 keys per year for an initial investment of $50,000, plus
the electricity bill.
If you build the computers
It may be possible to reach speeds of millions of keys per second with
a few cards full of FPGAs (programmable hardware). This for a cost of
only a few thousand dollars. It would translate to a few days per
key, so maybe 200 keys per year, for a small initial investment (maybe
$10,000) and a small electricity cost. (This idea is from Philip
Gladstone).
If you want it for free, legally
If you're an employee at a company that has lots of networked
computers, if you're a student in a large university, if you work in a
Computer Science research lab, you're likely to have access to as many
computers as I have. Of course, if many people at your university
(for example) are trying to do the same, you'll have to share the
computer time, so it won't be fast enough.
If you're ready to do illegal things
You can break into a few thousand computers on the Internet and set
them to work on your crack. At night only, so it won't be noticed.
Conclusion
It can cost anywhere from $0 to $10,000 to break a key, and the price
will go down as fast as computer speed goes up.