40-bit encryption refers to a key size of forty bits, or five bytes, for symmetric encryption; this represents a relatively low level of security. A forty bit length corresponds to a total of 240 possible keys. Although this is a large number in human terms (about a trillion), it is possible to break this degree of encryption using a moderate amount of computing power in a brute-force attack, i.e., trying out each possible key in turn.
Notes: WEP encryption uses 24 bit 'Initilization Vector' in addition to the 'secret key'. Therefore, 40 bit WEP can be refered to as 64 bit WEP, and 104 bit can be referedo to as 128 bit, depending on whether the 'initialization vector' is counted or not. WEP-Key converter. ASCII: HEX: size: bit einhorn, 2000909: WEP-Keys: 40 bit: 5 ASCII chars, 10 HEX ('64 bit') 104 bit: 13 ASCII chars, 26 HEX ('128 bit') 232 bit: 29 ASCII chars, 58 HEX ('256 bit') Note: not all HEX keys can be converted to ASCII! Newsham exposed another vulnerability of WEP by demonstrating that the key generator used by many vendors is flawed for 40-bit key generation. Using a typical laptop, he was able to crack a 40-bit key is less than a minute. Another flaw of WEP, in the key scheduling. Enter a HEX key or an ASCII WEP key. Both 40 and 104bit keys will work. Errors and warnings will be given on the status line. Just hit ENTER or click on the other text window to update the key.
A typical home computer in 2004 could brute-force a 40-bit key in a little under two weeks, testing a million keys per second; modern computers are able to achieve this much faster. Using free time on a large corporate network or a botnet would reduce the time in proportion to the number of computers available.[1] With dedicated hardware, a 40-bit key can be broken in seconds. Xp pro sp2 key generator. The Electronic Frontier Foundation's Deep Crack, built by a group of enthusiasts for US$250,000 in 1998, could break a 56-bit Data Encryption Standard (DES) key in days,[2] and would be able to break 40-bit DES encryption in about two seconds.[3]
40-bit encryption was common in software released before 1999, especially those based on the RC2 and RC4 algorithms which had special '7-day' export review policies,[citation needed] when algorithms with larger key lengths could not legally be exported from the United States without a case-by-case license. 'In the early 1990s .. As a general policy, the State Department allowed exports of commercial encryption with 40-bit keys, although some software with DES could be exported to U.S.-controlled subsidiaries and financial institutions.'[4][5] As a result, the 'international' versions of web browsers were designed to have an effective key size of 40 bits when using Secure Sockets Layer to protect e-commerce. Similar limitations were imposed on other software packages, including early versions of Wired Equivalent Privacy. In 1992, IBM designed the CDMF algorithm to reduce the strength of 56-bit DES against brute force attack to 40 bits, in order to create exportable DES implementations.
All 40-bit and 56-bit encryption algorithms are obsolete, because they are vulnerable to brute force attacks, and therefore cannot be regarded as secure.[6][7] As a result, virtually all Web browsers now use 128-bit keys, which are considered strong. Most Web servers will not communicate with a client unless it has 128-bit encryption capability installed on it.
Public/private key pairs used in asymmetric encryption (public key cryptography), at least those based on prime factorization, must be much longer in order to be secure; see key size for more details.
As a general rule, modern symmetric encryption algorithms such as AES use key lengths of 128, 192 and 256 bits.
This is the final proof of what we've known for years: 40-bit encryption technology is obsolete.
But recent advances in computing technology have rendered 40-bit encryption dangerously weak and export limits commercially obsolete.