OK, but the same article also clarifies that although there are some digital signature vulnerabilities associated with the birthday attack, it cannot be used to break an encryption scheme any faster than a brute-force attack. This attack relates only to hashing functions and not IV collissions so I don't think it applies here and you are back to 2^18. In actuality a duplicate IV gives you very little information and in reality you are still dealing with a 2^40 keyspace. However, if you are brute forcing a key space of 2^40 then you generally will not have to exhaust the entire range of keys and will find the key halfway through on average. So if it were to take 3 months to search all keys then you can expect you will probably find the key you want in about 6 weeks - sometimes faster and sometimes slower. So in that context you are realistically moving from 2^40 to 2^39. Again, the IV collisions do not come into play here.
The main issue with a small IV pool is precalculation. At the end of the day, if you are confident that you can wait for a specific IV then you can precalculate all 2^40 keystreams for that given IV if you have a few terabytes and a little time. That means that when you encounter that particular IV then you can just look up the keystream and find the corresponding key. You are still presented with the issue though of working out what the keystream was before it was XORed against your svoice uperframe. (There is a way to do this in EP but we won't explicitly discuss that here.)
In reality, if you have worked out what the keystream is for a transmission that you have already decoded and presumably the IV is known, then brute forcing the keys might take a little time but I reckon you would find the key quicker than waiting for a specific radio to use the IV that you are waiting for. If you wanted to do many many different keys then precalculation might be cheaper but you might be waiting a very long time for that special IV to come along.
I don't think we are straying into anything unsavoury here. The discussion above is not telling anyone how to crack anything but clarifies how aa increase in IV collisions do not really aid the cause of a hacker in this attack.
On the other hand, we shoudl not completely dismiss the fact that you have identified the fact that there is potentially a much smaller pool of IVs being utilised. Frequent collisions do become an issue after a while. Some people have made entire YouTube videos about the concept of lack of IV randomisation and made a big deal about the purported vulnerabilites associated with this. It does seem that the actual IV space is smaller than all possible IVs. I'm just not sure if it resets back to the first key when you get to the end or if it loops around to a different number (modulo 2^32) but probably not.
www.filemail.com
