Encryption thoughts

Status
Not open for further replies.
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,947
N_Jay said:
Why don't you take off your blindfolds and start actually reading just what has and has not been broken,:roll:
Click to expand...

Huh, or as you would say "hu"?

I already read enough about it being broken; this is old news, except to you I guess.
Go to your local university that has an engineering curriculum and you'll likely find a book on wireless security which will probably have a nice section on cell phones of which GSM will be covered.

Happy studies!
 
N

N_Jay

Guest
Ray_Air said:
Huh, or as you would say "hu"?

I already read enough about it being broken; this is old news, except to you I guess.
Go to your local university that has an engineering curriculum and you'll likely find a book on wireless security which will probably have a nice section on cell phones of which GSM will be covered.

Happy studies!
Click to expand...

Why don't you just find the link.

Given the amount of attention this "news" is getting there is plenty of good information out there.

Best I heard was something over 30 minuets with a multi-FPGA and 2T bytes of flash storage.

I guess that fits an idiots definition of "your computer . . . can grab the key in seconds".:roll::roll:

I stand by my statements:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption
 
Last edited:
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,947
N_Jay said:
Why don't you just find the link.

Given the amount of attention this "news" is getting there is plenty of good information out there.

Best I heard was something over 30 minuets with a multi-FPGA and 2T bytes of flash storage.

I guess that fits an idiots definition of "your computer . . . can grab the key in seconds".:roll::roll:

I stand by my statements:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption
Click to expand...

Well, if you don't have the computing power to be able to force a 30-bit key, then you should sell your Commodore 64 that you're using.

And I will say again, the 64-bit encryption used for voice security on GSM networks is flawed. Even though the system accepts 64-bit keys, only 30 bits of the key is used (It might be 32 bits used?) So that is even weaker than DVP, or 40-bit encryption. I have read articles that said 40 bit encryption could be broken on a home computer in less than a couple days. With Moore's law calculated in, it can probably be broken on a high end home PC in a couple hours max.

I believe the newest hack on GSM to allow faster cracking was the use of known -text cracks (not phone user inputted data/voice, but already embedded on the phone). I have a few books on GSM, if I get time I may re-reference them; or I can point you to them.

I am not your research assistant. If you want to learn more about this I can give you pointers, but you're going to have to do the field work, get off your duff, and look up links yourself.

Thank you.
 
Last edited:
N

N_Jay

Guest
Ray_Air said:
Well, if you don't have the computing power to be able to force a 30-bit key, then you should sell your Commodore 64 that you're using.

And I will say again, the 64-bit encryption used for voice security on GSM networks is flawed. Even though the system accepts 64-bit keys, only 30 bits of the key is used (It might be 32 bits used?) So that is even weaker than DVP, or 40-bit encryption. I have read articles that said 40 bit encryption could be broken on a home computer in less than a couple days. With Moore's law calculated in, it can probably be broken on a high end home PC in a couple hours max.

I believe the newest hack on GSM to allow faster cracking was the use of known -text cracks (not phone user inputted data/voice, but already embedded on the phone). I have a few books on GSM, if I get time I may re-reference them; or I can point you to them.

I am not your research assistant. If you want to learn more about this I can give you pointers, but you're going to have to do the field work, get off your duff, and look up links yourself.

Thank you.
Click to expand...

If it is so easy (according to you) then why is this recent announcement such big news?
AND, why are there no references to this "simple" method you are so sure exists (without your ability to provide a single reference)?

Or are you just so much smarter then the rest of us, that you don't need facts to proclaim "truth"?:roll::roll::roll:
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,947
N_Jay said:
If it is so easy (according to you) then why is this recent announcement such big news?
AND, why are there no references to this "simple" method you are so sure exists (without your ability to provide a single reference)?

Or are you just so much smarter then the rest of us, that you don't need facts to proclaim "truth"?:roll::roll::roll:
Click to expand...

You'll hear about it around the time of the next GSM conference in Feb. 2010.
 
T

talkpair

Member
Joined
Apr 27, 2009
Messages
982
Location
Clinton County, MO
Vs lbhe fb shpxvat cnenabvq nobhg frphevgl, gura lbh fubhyq or noyr gb penpx guvf fvzcyr rapelcgvba va ab gvzr, evtug? V qbhog vg. Lbhe pbaprea bire cebcevrgnel rapelcgvba if gung bs gur srqf vf cnenabvn.

A_Wnl, V pna'g pbagvahr gur fhowrpg ng unaq.
Click to expand...

Decoded:

Honey....I'm picking up little Peyton and Jacinda from soccer practice.....Be a sweetheart and swing by
McDonalds and pick me up 2 Big Macs, 3 orders of super-size french fries, and 6 chocolate chip cookies.

Oh....i almost forgot.......and a large Diet Coke !
 
poltergeisty

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Ray_Air said:
You're funny, I just saw this, it took about 5 minutes.
Click to expand...


My point:
Q: Are you concerned about company-specific security Failures or that of protocol-level Flaws???

Ray_Air said:
The A5/1 algorithm used in European GSM cell phones has a 64-bit key, but can be broken in the time it takes to brute-force a 30-bit key. This means that even though the algorithm is given a cryptographic key with 64-bits of entropy, it only makes use of 30 bits of entropy in the key.

Another flaw, more computer related, is that some crypto products may say they take a 128-bit or 256-bit key, but the entropy is based on the user selected passphrase. A general rule, passwords have about 4 bits of entropy per character (Ex- 10 character password (ASCII std. English) is equivalent to a 40-bit key).

Just because an algorithm says it accepts 128-bit (or higher) keys does not mean it has 128 bits (or higher) of entropy in the key. In my opinion I would not trust any proprietary algorithms by any manufacturer or entity besides the well funded military/intelligence community. It simply takes years to evaluate an algorithm and if it's proprietary then those companies do not have the necessary resources to properly judge their algorithm to be free of any flaws or weaknesses. No single company, outside the military/intelligence community, has the financial resources necessary to evaluate a new cryptographic algorithm or to correct design flaws out of highly complex protocol. This is why you have seen some previous encryption schemes broken like the GSM phones, Older versions of O/S's/browsers (Netscape Navigator 1.1, Windows NT, Word/Excel 2000/2003). Supposedly, MS Office 2007 is supposed to fix the flawed 128-bit encryption for passwords in their previous products. For instance, I could put a password on one of my MS Word 2003 doc's (8-16 characters) and try to brute force it, but that could take several days, however I was able to brute force passwords of up to 6 digits in under three minutes. Or I could just connect to a password crackers server and crack the password instantly. I am in the process of converting my older files to MS Office 2007.

A library of information could be written on the topic of good and bad encryption...
Click to expand...













Talkpair, uDUS6yUBITAhITAhLRu4tXhTi+ovwqaNECExMiGulZQtw2Q
 
Last edited:
WayneH

WayneH

Forums Veteran
Super Moderator
Joined
Dec 16, 2000
Messages
7,543
Location
Your master site
Ray_Air and poltergeisty, stop acting like children. One of you needs to set the other to ignore. I will not be as nice next time.

Do not reply to this post. Reply privately if you so feel the need to approach the soapbox.
 
M

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
To make it apples for apples, compare GSM to P25 DES-OFB..


N_Jay said:
Huge GSM flaw allows hackers to listen in on voice calls

GSM:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption.

P25 AES:
No known flaws,
Few hundred thousand users/units
Probably a few hundred hackers,
And you guess when the average hobbyist 'may' be able to crack the encryption

Time to "do the math", as they say.
Click to expand...
 
Status
Not open for further replies.

Similar threads

N9JIG
Scanner Tales: We can be the Good Guys sometimes
Replies
5
Views
1K
T680
T
N9JIG
Scanner Tales: Obsolete Accessories
2
Replies
21
Views
3K
wa8pyr
wa8pyr
N9JIG
Scanner Tales: The Ten Commandments of the radio hobby
Replies
13
Views
4K
knockoffham
K
N9JIG
Scanner Tales: Shenanigans (Part one)
Replies
13
Views
2K
BinaryMode
BinaryMode
N9JIG
Scanner Tales: CARMA Meetings and Newsletters
Replies
5
Views
997
mws72
mws72
Top