Although this is a large number in human terms (about a trillion), it is possible to break this degree of encryption using a moderate amount of computing power in a brute-force attack, i.e., trying out each possible key in turn.
[3] 40-bit encryption was common in software released before 1999, especially those based on the RC2 and RC4 algorithms which had special "7-day" export review policies,[citation needed] when algorithms with larger key lengths could not legally be exported from the United States without a case-by-case license.
"[4][5] As a result, the "international" versions of web browsers were designed to have an effective key size of 40 bits when using Secure Sockets Layer to protect e-commerce.
Similar limitations were imposed on other software packages, including early versions of Wired Equivalent Privacy.
As a general rule, modern symmetric encryption algorithms such as AES use key lengths of 128, 192 and 256 bits.