On July 14, Hal posted his SSL challenge: a record of a "secure" Netscape session encrypted with the RC4-128-EXPORT-40 algorithm.

As far as I know, I was the first to find the key and read the contents of his session.

If you're a journalist, be sure to read my virtual press conference. If you have more questions, feel free to send me some e-mail: Damien.Doligez@inria.fr.

The program that found this key is composed of two parts: a master, which partitions the search space and centralizes the results, and a slave, which does the work. Run the master on one machine, and the slave on everything you can get your hand on.

I did no cleanup of the code, as this is a one-shot thing. I'm not really interested in breaking everyone's SSL sessions...

Warning: some C compilers (especially cc on the MIPS and alpha machines) take forever to compile the slave with maximum optimizations. I used gcc instead. Even then, some old versions of gcc crashed when trying to optimize the code.