GSM Decryption Published
Hugh Pickens writes "The NY Times reports that German encryption expert Karsten Nohl says that he has deciphered and published the 21-year-old GSM algorithm, the secret code used to encrypt most of the world's digital mobile phone calls, in what he called an attempt to expose weaknesses in the security system used by about 3.5 billion of the 4.3 billion wireless connections across the globe. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. 'This shows that existing GSM security is inadequate,' Nohl told about 600 people attending the Chaos Communication Congress. 'We are trying to push operators to adopt better security measures for mobile phone calls.' The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal and said they overstated the security threat to wireless calls. 'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.' Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of any reasonably well-funded criminal organization. 'This will reduce the time to break a GSM call from weeks to hours,' Bransfield-Garth says. 'We expect as this further develops it will be reduced to minutes.'"
Cracked by me!
Wow, what an interesting way to force innovation at such a "minor" expense to the people their efforts are supposed to help. Kinda ironic their efforts have done the exact opposite of their goals... and if the past is any indication, the harm they may have just caused will be around for a while.
Most of my calls are pretty boring, so I generally don't care. Some of my calls are regarding patient information entries in a database we maintain - in which case this becomes serious.
StarTrekPhase2 - The Five Year Mission Continues!
Jul lrf, V pna!
- AFN
G S M secure
All your financial passwords
Are belong to us
What the operators really want is something secure enough so you can't practically listen to a politician's conversations, but open enough so the state can listen to any citizen's conversation. All in the name of National Security. We will only be secure when the reverse is true.
"To those who are overly cautious, everything is impossible. "
"To do this while supposedly concerned about privacy..."
Duh. Paint me yellow and let me run down the street. OF COURSE he is concerned about privacy because we all know how organizations always act fast and in the interests of their customers with absolutely no outside stimulus! Absolutely shocking, he should be hanged. (Choose whoever you think I'm referring to with "he")
Shh.
We allow people to fear-monger by saying that this can allow criminals to decrypt calls more easily, but, if a couple of dozen hackers at a conference can piece this together through brute-force-ish tactics, are we sure that others haven't already? That's the point that they've made, a point entirely lost in the article.
This does *next-to-nothing* to make the system less secure. It was insecure to begin with. Regulations rendering the dissemination of code-breaking and system-compromising codes and techniques illegal aren't there to protect our data security. They're there to allow companies to use inadequate security measures without public shame.
Of course, this is Slashdot. Anyone who doesn't already know that security through obscurity is ridiculous is an idiot (or a troll). Anyone who relates cryptographic security to fake-rock-key-hiding and calls that rock obscurity (inevitable in a story like this) is just a troll.
Guess what, kids!
A 128-bit code has twice as many ones and zeroes as a 64-bit code. Wow!
Ubj vf guvf n gebyy cbfgvat? ;-C
Fubhyq unir orra "-1 snvyrq gb or vagrerfgvat"
Yeah, it's off-topic. But there's no way Slashdot will ever run THIS story
Two al Qaeda Leaders Behind Northwest Flight 253 Terror Plot Were Released by U.S.
Guantanamo prisoner #333, Muhamad Attik al-Harbi, and prisoner #372, Said Ali Shari, were sent to Saudi Arabia on Nov. 9, 2007, according to the Defense Department log of detainees who were released from American custody. Al-Harbi has since changed his name to Muhamad al-Awfi.
Both Saudi nationals have since emerged in leadership roles in Yemen, according to U.S. officials and the men's own statements on al Qaeda propaganda tapes.
Both of the former Guantanamo detainees are described as military commanders and appear on a January, 2009 video along with the man described as the top leader of al Qaeda in Yemen, Abu Basir Naser al-Wahishi, formerly Osama bin Laden's personal secretary.
The good news is that GSM encryption lasted 21 years (more or less).
And in truth, the effort was probably really exceptional. There is really little chance that criminals could reproduce his work, because they are all uneducated and stupid. Plus it is illegal in Britain and the US, so that should discourage potential snoopers.
Whew - catastrophe narrowly avoided!
worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.
Wait, so just having the encoding algorithm is enough to decipher a message? That's kindergarten cryptography, not something designed for the real world.
The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted.
Yes, that's right. Their main weapon in defending your privacy against crackers who don't care about the law at all is copyright.
operators, by simply modifying the existing algorithm, could thwart any unintended surveillance.
If that's not security through obscurity, I don't know what is.
"To do this while supposedly being concerned about privacy is beyond me"
can someone point me to the article where the GSM Association was outraged when it learned of the illegal wiretapping program which the carriers happily participated in as agents of the u.s. government? i'm sure they protested that, right? riiight?
called Mr. Nohl's efforts illegal
So? What has that to do with whether or not he actually did what he says he did? It's not even worth mentioning. A good encryption system should not depend upon the presumed illegality of breaking it.
says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption.
That you know of, lady. If this guy really has cracked it, odds are someone else has sometime in the past two decades, but wasn't kind enough to so inform you.
The higher the technology, the sharper that two-edged sword.
If that's not security through obscurity, I don't know what is.
Technically, it's insecurity through stupidity.
The higher the technology, the sharper that two-edged sword.
The weaknesses of this algorithm are well-known and a new version that fixes those issues has been available for a long time. Now, does anyone know whether this new version has been deployed everywhere? Who is still relying on the older version?
BTW, the algorithm used by 3G networks is different. It is based on AES and the design is publicly available.
Nobox: Only simple products.
'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, [...] 'To do this while supposedly being concerned about privacy is beyond me.'
What? Come again?
If Ms. Cranton doesn't even know the argument for full disclosure, why is she the person speaking on behalf of the GSM Association?
Now, we can discuss among ourselves when full disclosure is better than limited disclosure and vice versa, but at least we understand both positions. She doesn't?
Also, if the attack is practically unlikely, why the big concern about privacy? Didn't Ms. Cranton just say this wasn't a big problem, yet at the same time shame Nohl for causing a big problem?
Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts combined with inadequate security designed into the damn thing could put sophisticated mobile interception technology [in the hands of outlaws].
Fixed that for Mr. Bransfield-Garth. The system isn't weak because of Nohl's deeds or misdeeds. It's weak because it's poorly designed. I have seen telecoms security protocols. Only banks have protocols worse than these :(
One of the basic rules of the game for anyone who's a competent cryptographer is that if you're not selling snake-oil, you expose your algorithm to public scrutiny. The modern approach to crypto is based on the assumption that it's only the keys that are secret, not the algorithm. If you don't take this approach, then essentially you never have any way of knowing whether what you've got is any good. Imagine if Toyota thought that it was a good idea to suppress discussion and research about reports of uncontrolled acceleration in their cars. Now imagine that Toyota was able to get the government to pass a law suppressing such discussion. Then how would you ever know if your car was safe or not?
They can't even keep their story straight. First they say that the attack is "theoretically possible but practically unlikely." Then they say that it's so bad and evil that it's a good thing that "What he is doing would be illegal in Britain and the United States." How can it be so bad and evil if it's not workable?
I can understand why companies that sell DRM'd media want to outlaw academic research into their encryption methods. It makes sense, because DRM is fundamentally snake-oil, and it can never be anything but snake oil. Therefore the only way they can keep on selling their snake oil is to forbid open discussion. This is why we have the anti-circumvention parts of the DMCA. It's an evil position, but it's an intelligent, self-consistent evil position.
But cell phone carriers really can provide good security, if they try hard enough. There is nothing fundamentally theoretically suspect about secure communication, as there is about DRM. So why do they need to try to suppress research? It seems like it would have to be because they're either incompetent or stupid.
Find free books.
The NY Times article is missing quite a lot of detail. Slashdot users might appreciate the raw video from the talk (torrent): part 1, 2, 3.
They're there to allow companies to use inadequate security measures without public shame.
And the politics is really the problem.
Let's classify the world into four types of people: politicians, security experts, telecommunications lobbyists and the regular citizens.
The politicians want to stay in office. The security experts want good security. The telecommunications lobbyists want cheap security. The regular citizens don't know there's a security concern (except from what they hear from Hollywood).
The politicians can stay in office if they can afford a good campaign. The telecommunication lobbyists want to make a deal. The security experts are few, unconnected and don't have much money in comparison. The uneducated masses aren't going to change their voting based on GSM security even if they knew about it and understood the issues.
And so you will have the politicians portraying the security experts as evil people (which the media will dutifully transmit to the public), all while the telecommunications people get to use cheap and poor security.
(replace telecommunications with banking if you want to get really bummed out...)
Or am I wrong? Please, someone tell me I'm wrong.
iirc, when this has come up before, it's been pointed out that only a really old, in gsm terms, phone would still be using said encryption. And that more recent phones are able to use more modern encryptions, if the network allows it...
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Nothing is stopping you from submitting the story. Something to think about - what category would it fall under?
Apple
Ask Slashdot
Book Reviews
Games
Hardware
Idle
Interviews
IT
Linux
Mobile
Science
YRO
Best "String" Ever!
"To do this while supposedly being concerned about privacy is beyond me."
And thence lies the problem.
Now come on, you didn't even provide a link. Many stories are rejected from Slashdot, especially mine which shouldn't be. It's all about finding the appropriate forum. This one is "News for Nerds, stuff that matters." I just don't understand why all my stories keep getting rejected...! Anyway, posting with my name because I also don't believe in the karma system so much (but still a little) and next time, PROVIDE a link!
Shh.
"Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States."
a. So Mr. Nohl is the ONLY person that succeeded in breaking this crypt? I doubt it, he is the only one that published it just because it's limp. Did you really believe it was impenetrable? Soooo naive.
b. So hackers would not crack messages because that's illegal? Ms. Cranton must be living in some delusional never never land.
Wake up folks. This BS won't stop the Mafia, CIA, al Qaeda or anyone else that is determined. What will stop them is replacing your 21 year old spaghetti code with a new, clean encryption algorithm. In evolutionary terms, you have succumbed to The Darwin Principle, get a grip on it.
Good thing he's not in the states or Britain. I hope he doesn't plan on visiting or get extradited to either.
To anyone who says there's a difference, I want proof.
For justice, we must go to Don Corleone
"This is theoretically possible but practically unlikely"
"This will reduce the time to break a GSM call from weeks to hours"
encryption is nothing more than security through calculated obscurity.
I think you can only prosecute an argument for that claim successfully if you engage in semantic shifting.
That is to say, you're right only if you take the word `obscurity' to mean something different from what everybody else takes it to mean.
Security by obscurity generally means you're relying on the adversary to be ill-informed about some aspect of the crypto which wouldn't be a problem for him to know about in a "real" cryptosystem, and/or extremely limited in computational power.
For instance, the Windows 95 screen saver password (at most 14 characters) was stored in the registry, xor'ed with a fixed key of length 14. Probably a const char screen_saver_xor_pad[14] = [...], "safely" hidden away in some undisclosed source code. Security by obscurity.
This is also how DRM works: encrypt a bit string f with key k, then send k and e_k(f) to the recipient, but sneakily, hoping that the recipient will only decrypt and use f in accordance with the rules your piece of software implements. Security by obscurity.
Take on the other hand AES. Go do an exhaustive key search. If you're smart, do a meet-in-the-middle. That's sqrt(2^n), which is still exponential (it's sqrt(2)^n). Okay, n is fixed, but still: the best attack is (essentially) brute force. That's real security.
Then there's of course the gold-plated but impractical security (well, encryption): whenever you want to send a message m that's b bits long, come up with a uniformly random b-bit key k, then transmit m XOR k. Perfectly secure, but good luck sending k to the recipient. You can pre-share it, though, so if you put 4 TB of random key in your submarine, it can send 4 TB back to HQ confidentially. Or you can do quantum key distribution (if you have the required equipment).
I recommend that while your post has a valid point, you try to refrain from commenting on the more technical aspects of security.
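The fixed-XOR-pad scheme the comment above describes, next to a salted one-way verifier, as an added example that is not part of the original thread. The pad value, function names and sample passwords are constructed for illustration, and PBKDF2 is swapped in here as one standard alternative that the comment itself does not name.

```python
import hashlib
import hmac
import os

PAD_LEN = 14
# Constructed 14-byte pad standing in for the constant the comment imagines
# hidden in undisclosed source code; it is NOT the real Windows 95 value.
HIDDEN_PAD = bytes.fromhex("5a13c47e9021b8f60d3a77e21c48")


def obscure(password: bytes) -> bytes:
    """'Before': XOR the password with the fixed pad and store the result."""
    if len(password) > PAD_LEN:
        raise ValueError("password longer than the pad")
    return bytes(p ^ k for p, k in zip(password, HIDDEN_PAD))


def recover_pad(known_password: bytes, stored: bytes) -> bytes:
    """A single known (password, stored) pair yields the pad bytes it covers,
    because (p XOR k) XOR p == k. No access to the source code is needed."""
    return bytes(p ^ s for p, s in zip(known_password, stored))


def decode(stored: bytes, pad: bytes) -> bytes:
    """Decode any stored value that is no longer than the recovered pad."""
    if len(stored) > len(pad):
        raise ValueError("recovered pad too short for this value")
    return bytes(s ^ k for s, k in zip(stored, pad))


def hash_password(password: bytes, iterations: int = 200_000):
    """'After': store a salted, deliberately slow, one-way verifier.
    The algorithm is public; nothing here depends on a hidden constant."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest


def verify_password(password: bytes, record) -> bool:
    """Recompute the verifier and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample data.
    own_password = b"A" * PAD_LEN               # a password chosen by the tester
    other_stored = obscure(b"hunter2-sample")   # another account's stored value

    # The pad is the only secret, and it is identical on every installation,
    # so one self-chosen password exposes it for everyone.
    pad = recover_pad(own_password, obscure(own_password))

    rec1 = hash_password(b"hunter2-sample")
    rec2 = hash_password(b"hunter2-sample")
    return {
        "pad_recovered": pad == HIDDEN_PAD,
        "other_password": decode(other_stored, pad),
        "same_password_same_record": rec1[2] == rec2[2],
        "verify_correct": verify_password(b"hunter2-sample", rec1),
        "verify_wrong": verify_password(b"hunter3-sample", rec1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the first scheme everything rests on the pad staying unknown; in the second the per-record salt and the one-way function mean that knowing the algorithm, or another user's record, does not reveal a password.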
I recommend you try to refrain from assessing people's understanding of the technical aspects of security and making recommendations based upon that assessment. I haven't seen anything in your parent's post which suggests they don't understand the subject matter, unless we take your semantic shift to be The Right Way to understand "obscurity."
A false sense of security is worse than no security at all. So yes, it is insecurity and it is stupid.
"... beyond me."
That's exactly right. Beyond him.
"If you something that you don't want anyone to know, maybe you shouldn't be it in the first place"
- ~anonymous
What the operators really want is something secure enough so you can't practically listen to a politician's conversations, but open enough so the state can listen to any citizen's conversation. All in the name of National Security. We will only be secure when the reverse is true.
Things are only encrypted over the air. Once it hits the tower and starts bouncing around SSPs and STPs the signals are in the clear and can be tapped easily. There's no point having a weak cipher for the radio component as any lawful (!) tapping will occur over the back haul.
Does anyone have a link to the Chaos Computer Club presentation?
A5/1 and A5/3 are Authentication Algorithms and not ENCRYPTION/Decryption. The Ciphering Encryption Algorithm for GSM/GPRS is either gea1, gea2 or gea3.
In the United States, a certain 3 letter network operator specifically forces the newer authentication algorithms to be disabled
http://abcnews.go.com/Blotter/men-believed-northwest-airlines-plot-set-free/story?id=9434065
It certainly is stuff that matters. We heard enough around here about Gitmo when it was used against Bush. Let's continue to hear the truth today instead of falling prey to the media whore known as Slashdot.
Even if decryption of GSM is easy, it's still more secure than AMPS.
I just stopped using AMPS last year and I fully knew that anything I say can easily be overheard.
You just don't say anything sensitive over the phone.
Those worried about corporate espionage need a smart-phone with end to end encryption.
Maybe this will entice some hardware company to create an option for this.
I see how decrypting a phone call could be cool...if this was 1985 and i wanted to brag to my friends on BBS about it. I know it wouldn't be impossible but how difficult would it be to follow one user around all day with surveillance equipment waiting for them to make one phone call. i guess the thing to do would be to set up shop around a busy work place and set up a piece of hardware to log ALL of the GSM data traffic (text, net, and other packets) until you have a hard drive full of information. At some point you would luck out and get some poor schmoe's passwords and dirty text messages.
or is that the actual concern?
there is a story floating around about terrorists using $26 software to watch the video feeds from UAVs. Basically they can do this because no one wants to spend the money to make the hardware and software secure...so the terrorists win. But the only people affected by this don't have any recourse against the government if they are killed because of intercepted information. But god forbid that my BFF Jill has her facebook password intercepted and stolen via text, because this will result in an endless series of lawsuits that will never fix the problem.
This doesn't have anything to do with global government, they could care less (they are always one subpoena (if you are lucky) from ALL of your personal data). This comes down to the fact that, for what it's worth, GSM encryption worked well enough, it was reliable, and most importantly, it had paid for itself.
So now, the real concern is how can they replace it before GSM providers start getting their asses sued off, and how cheaply can they do it.
they say it is often more relevant than the comment above, all we know is it's called the Sig!
on Nov. 9, 2007
Just think, if Bush had bothered to hold trials for the fuckers they'd have been swinging from the gallows off Havana. Instead, he set free a bunch of bombers to "show them democrats" that their touchy-feely "rule of law" shit was a pile of crap and the constitution is a goddamn piece of paper.
First problem:
Two of the four leaders allegedly behind the al Qaeda plot...
Did you catch the key word?
Second problem:
Let's continue to hear the truth today instead of falling prey to the media whore known as Slashdot.
Yep -- you're a moron. Slashdot is a "Media Whore", yet you linked to ABC News? Just what media is Slashdot a whore to?
Don't thank God, thank a doctor!
An increasing number of people I know are stopping using mobile phones blindly. One should use mobile phones like postcards -- you say something over the phone only if you could shout the same thing to the public without having privacy concerns.
Colorless green Cthulhu waits dreaming furiously.
How stupid! While I wouldn't be happy about having my work decrypted, throwing the whole 'it's illegal' red herring out there is just plain dumb-assery!
The fact is, you want to know when your OUTDATED encryption techniques are no longer useful.... but perhaps Bransfield-Garth would prefer a hostile agency do the work and leave it unpublished?? Yeah, I thought that was the less desirable option.
What a dick!
I am open source, and Linux baby!
From TFA:
"The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted."
I feel much easier knowing that the G.S.M. Association will be wielding its copyright to ensure my security. Who needs security when we have copyright?! Security via copyright assertion has worked so well for the film and music industries. Hasn't it?
Perhaps there should be a license to practice security, like there is a license to practice medicine.
I can't just flop open a sturdy table and hang out a cardboard sign "Your Appendix Out -- CHEAP!"
Likewise, perhaps we can cut down on some of this security theater crap if there was a license to practice security.
Offering and defending quack remedies like security through obscurity would be grounds to have your license permanently revoked.
Selling unapproved encryption as "secure" would also be grounds for license revocation. (Selling unapproved encryption as "experimental and probably insecure" is fine, so long as that's clearly labeled on the product.)
Surely not the people who loudly yak away on their cellphones in public where everyone can hear.
Hip Hip Hooray !! Hip Hip Hooray !! For he's a Jolly Good Felon, for he's a jolly good felon, for he's a jolly good felon, which nobody can catch.
Bloody well right indeed, you got a bloody well right to say. Illegal?
And the bad guys aren't going to publish the how-to at a conference.
Of course we do; and you would know that if you would bother to attend our regular super-villain's conferences at Microsoft HQ instead of wasting your time gold-farming on World of Warcraft. Come to think of it... that is one helluva pathetic way for a super-villain to spend his time. If you don't get off your ass and get busy doing some *real* evil we will ban you from the super-villain's society, lock you in a room for the rest of your life and force you to watch endless re-runs of "Sound of Music" ...well... actually.... it'll either be that or a life sentence debugging Perl code. We are still debating which is worse.
There has to be more to it than that. If the "encryption" literally uses a substitution cypher or something that depends on a "codebook" then that codebook would have to be stored on every device and would be fairly trivial to discover and copy (not to mention any reasonable codebook would have crushed the available memory in any mobile devices back when GSM was invented). There would also be nothing theoretical about decrypting messages.
I think the article author is using the term figuratively.
From TFA:
"The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted."
I feel much easier knowing that the G.S.M. Association will be wielding its copyright to ensure my security. Who needs security when we have copyright?! Security via copyright assertion has worked so well for the film and music industries. Hasn't it?
So, all I need is a software defined radio and GNU Radio? wow that makes it simple and costs under $500 to get.
The material published was not the GSM encryption algorithm, A5/1, which has been known for a long time. What is new is precomputed tables that make decryption very fast. These are similar to rainbow tables but combine additional compression techniques for a better time-memory tradeoff.
operators, by simply modifying the existing algorithm, could thwart any unintended surveillance.
I love the use of the term "unintended surveillance".
The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal and said they overstated the security threat to wireless calls. 'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.'
Oh, so now it's illegal to divulge impractical attacks that do not threaten privacy?
So it has come to this... At last I'm a positive badass for my GSM attack where you build a Turing-complete duck-based processor (using tasty duck treats to encourage the ducks to behave like little waddling transistors) and then use that to attack the crypto through brute-quacking-force! Ahhh HA HA HA!
You'll never catch me, coppers!
you missed one where it is crucial: imei N/A, non-stationary multi-cell, GPS or other. please think before posting or better still don't post misleading replies as you are obviously ignorant of the subject matter.
This was a selfish and thoughtless act. His own security and that of his country may be at risk eventually.
[...] do a meet-in-the-middle. That's sqrt(2^n), which is still exponential (it's sqrt(2)^n).
Nitpick: it's 2^(n/2). Still exponential, though (you have halved the effective key length, but you might be paying a high price for that).
Totally agree with the rest, though.
Honestly, I suspect that a few things are in play here:
- A5/1 is relatively easy to implement in limited hardware.
Schneier forwards the guess that the French government (which was ever wary of strong cryptography) pushed for a deliberately weak standard, whereas the (West) German government (which was near to the iron curtain and seemed not to like the idea of "Russians" eavesdropping) pushed for a stronger cryptography. The French won.
(And yes, I know that governments can eavesdrop anyway and so on, but honestly: since when do governments behave logically? Look at all this export restriction nonsense (PGP anyone?). Heck. Look at the TSA.)
The mere idea that individuals can encrypt something in a way that "law enforcement" can't decrypt it seems to put governments into stupid mode.
(Note: I have RTFA, but I'm quoting mainly from the summary here.)
Feh. Steve Gibson explained the flaws in GSM in very precise, technical detail in his podcast with Leo LaPorte back in September. See episode 213 of Security Now, "Cracking GSM Cellphones". He explained how the algorithm was implemented in hardware, right down to the hardware level.
Oh yes, they'd like us to believe that reverse engineering encryption is illegal. It is not. Eavesdropping on cell phone calls is illegal only because cell phone carriers have always used technology decades behind the state of the art. It's a crappy regulatory patch to a massive technical loophole. It's akin to a law forbidding wifi cards from supporting "monitor mode" because you can use it to eavesdrop on unencrypted wifi traffic. Karsten Nohl is not recommending that anyone eavesdrop on other people's phone calls. He's trying to show the public that their conversations are as good as "in the clear" and gosh darn it, the billion-dollar wireless industry just doesn't like that a bit.
Nope, even better: it puts GSM decryption technology within the reach of anyone with a 2TB hard disk, $1000 of radio equipment, and the time to figure out some software. And, as I pointed out already, this has been known for some time. Until recently, the weaknesses of GSM have been the skeleton in the closet of the wireless industry. It should have seen the light of day years ago.
This is not an easy problem for them to solve, either. A5/3 is much better encryption, but as I understand it, almost every handset in existence can be forced to fall back to A5/1 (or even A5/0, no encryption) relatively easily.
Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of any reasonably well-funded criminal organization.
Can someone please tell me the difference between "governments" and "well-funded criminal organizations"?
It could be more secure if the TSA were put in charge. Random body cavity searches for cellphone users would make me feel more secure about talking on my cellphone. Limiting calls to between 3am and 3:15 am local time would also be effective at defeating any attempt to use Al Gore-isms to decrypt my calls. The TSA is da bomb.
Yep, it's copyrighted alright. By the Free Software Foundation.
says Claire Cranton, a GSM spokeswoman,...snip...To do this while supposedly being concerned about privacy is beyond me.'
Wow, how narrow minded and short sighted of you, not all people break, crack and hack stuff for nefarious means, seriously, are you that stupid that the reasoning behind this is "beyond you"? or is it that you think others are beneath you? Some do it because they can, other to see if they can, and some to show narrow minded, short sighted execs what _could_ be done by those with the skills. Wise up, listen and act instead of pointing fingers and jumping up and down.
whenever i hear about a crack like this, there's always this threat to sue/ jail immediately put forth. why shouldn't there be an open promise to reward crackers instead? why don't they HIRE the guy who cracked their scheme to fix the weakness?
1. it encourages crackers to go to you, rather than going underground
2. it suggests to your clients that there are no challenges to your scheme out there, it ensures your algorithm/ scheme is sound, since a crack would reveal itself in an open, non criminal/ non litigious, reward-oriented environment
surely there's someone in business who understands these two attributes are worth far more to you than paying some lawyers to chase ghosts around the internet
and the secret always gets out regardless, it's not like they ever stop the crack from gaining wide knowledge
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Are you practicing security through repetition?
http://it.slashdot.org/comments.pl?sid=1491648&cid=30579990
http://it.slashdot.org/comments.pl?sid=1491648&cid=30579998
http://it.slashdot.org/comments.pl?sid=1491648&cid=30580026
http://it.slashdot.org/comments.pl?sid=1491648&cid=30580012
Please tell us all about "When a PHB hears..." and "Security, through hidden algorithm..." again. I don't think saying it four times is enough.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
http://news.ycombinator.com/item?id=1019162
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
This sounds a bit like the Scientology Defense - "this is completely made up and it's also copyrighted by us."
...You're complaining that your CELL PHONE call is insecure? Really? Isn't that like complaining that your neighbor can hear when you're shouting from the rooftop?
If you want a secure conversation, don't use a cellphone. (And hint1: without supplemental hardware, that's not secure either; hint2: even WITH supplemental hardware, it's probably not secure anyway.)
-Styopa
Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to reasonably well-funded criminal organizations — within the reach of any government and intelligence agency.
There, fixed that for you.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
CDMA uses the CMEA and ORYX algorithms, which are pretty weak as well, as shown in the linked papers. However, CDMA has somewhat of an advantage, because it's difficult to obtain the encrypted data stream in the first place: the nature of CDMA transmission means you can't pull a signal out of the noise unless you know the codes being used by the base station and handset.
Visual IRC: Fast. Powerful. Free.
'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption.
"There has never been a successful escape from Stalag 13." - Werner Klemperer as Colonel Klink, Hogan's Heroes
Slides from Karsten's presentation at the CCC.
The A5/1 cracking project.
A5/1 was cracked in 1999.
http://cryptome.org/a51-crack.htm
If anyone wants actual security on a phone, the phones should encrypt end-to-end so that the carrier doesn't know the phone call. The difficulty here is getting a certificate system in place. But there are several viable solutions to that.
You must be new here, welcome!
Well ok, but in this case you're comparing it to a stream cipher that doesn't work: it's not secure and it hasn't been for quite some time.
AES isn't the only cipher that they could use. It's just an example of a cipher that is known to be "pretty good" that they could implement without doing huge amounts of cryptography research: if it's good enough for the NSA to recommend it for "Secret" and below, it's good enough for protecting a bunch of tweets.
Pick something else that is faster though if necessary. There is probably some favorably licensed open source code out there you could grab on any of the well-known ciphers, reducing the effort and cost even further.
It's a disservice to your customers to do nothing at all about it.
Can you be Even More Awesome?!
He's nothing but a criminal in disguise. What did he do? He deciphered the code; he didn't find a flaw or anything else, he just figured out what the code is. Then, just like all spoiled hackers who are ignored, he published it. Will normal people use the code? No, governments already know the codes, so that only leaves the criminals and voyeurs. The man belongs in jail if one person loses money because of him publishing the code, it's just that simple.
Jack of all trades, master of none
Storing passwords securely is anything but trivial
It's a solved problem, and it was a solved problem in the 70's.
Store the sha1 hash of the password. Then, when the user inputs "open sesame", compare sha1("open sesame") to the stored hash. If they're the same, assume the user input the right password.
(Other cryptographic hash functions will do, and you probably want to add salt, but that's the basic idea.)
I don't see why you wouldn't want to use the secure solution over the obscure one. If it takes 1ms rather than 1ns to check the password, is the human typing it in really going to notice?
When there is a secure solution, why settle for the obscure one?
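The store-a-hash-and-compare scheme from the comment above, with the salt it mentions, as an added Python example that is not part of the original thread. It swaps the bare sha1 for salted PBKDF2-HMAC-SHA256 from the standard library; the record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the iteration count to your hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """The bare scheme from the comment: equal passwords give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> str:
    """Build a storable record: scheme$iterations$salt_hex$hash_hex (constructed format)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: fail closed
    # compare_digest avoids leaking the position of the first mismatching byte
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    rec = make_record("open sesame")
    print(rec)
    print("correct password:", verify("open sesame", rec))
    print("wrong password:  ", verify("open sesamE", rec))
    # Same password, two users: the unsalted hashes collide, the salted records do not.
    print("unsalted equal:", unsalted_sha1("open sesame") == unsalted_sha1("open sesame"))
    print("salted equal:  ", make_record("open sesame") == rec)
```

Because each record carries its own salt, a precomputed table of hashes is of no use against the stored values, and two users with the same password do not share a record.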
The carrier would have the other copy of the key in its servers.
No! No, no, no!
I don't want to talk privately with my carrier.
Or at least, that's not my primary concern. I want my carrier to require me to prove my identity to them (so no one can impersonate me and rack up my bill), and I want to be able to prove my identity to them (so I can make calls).
I don't know the telephone protocol header diagrams; if I'm roaming it might be the case that I want to tell a bit of routing information to the other provider, tell something in secret to my service provider, but my main concern is that I want to communicate in private with the call recipient.
And to do that with gold-plated privacy I really need to pre-distribute long keys to every person I want to talk to. Not going to happen. It appears we will need a public key infrastructure. And for people to sign up to it without even knowing it's there, it'll probably have to be run by either the government or the telecommunications operators. But if it's run by the telecoms, they can MITM me, so that means the government. Meh...
Nitpick: it's 2^(n/2). [rather than sqrt(2)^n]
2^(n/2) = 2^(1/2 * n) = (2^(1/2)) ^ n = sqrt(2) ^ n.
Which nit were you picking? That I went too fast? Your observation that the key length is effectively halved is still true, FWIW.
Nohl's efforts could put sophisticated mobile interception technology -- limited to governments and intelligence agencies -- within the reach of any OTHER reasonable well-funded criminal organization.
Fixed
Come on... anybody who thought GSM was secure and nobody could intercept it is a moron. There are other well-known techniques such as IMSI-catchers which allow you to perform a MITM-attack and force the phone to use A5/0-mode (which means no encryption).
Not to mention that most governments can intercept the phone calls anyway.
.. but there aren't any links in TFA. Could anyone provide it here?
I was very surprised when I figured out that companies like Nokia call their "smart phones", or even dumb phones, "Terminals" in documents.
Basically the thing we call a "phone" today is a handheld, almost general purpose computer with advanced communication capabilities and sensors (GPS etc.).
So, if you think outside the box and use your "phone" (terminal) as a TCP/IP connected client rather than using the network's GSM system for voice, the problem should be solved. Why not use Skype, Nimbuzz, Fring, Gizmo instead of GSM internally at company or between friends? Well, Skype can be cracked at some point, that is the time you move to another system/api.
The real solution is, of course, using SIP/XMPP and openly encrypting it with real, time-tested protocols which are documented. The third parties above (excluding Gizmo, which is open) are temporary solutions. If Google doesn't mess it up with privacy-questionable "add in" stuff, Gizmo seems to be a more scalable and open way of doing it.
Bad guys usually want to disguise as companies who make money and governments. Not the other way around.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
That's what the weak encryption is all about.
Moreover, any such equipment can be purchased or rented from a number of suppliers without any licensing whatsoever, at least in the US. There might be "watch lists" for that sort of thing -- who knows -- but regardless, the availability of such equipment is no barrier whatsoever.
https://www.eff.org/https-everywhere
..and cloning was demonstrated. See... http://www.scard.org/gsm/ http://cryptome.org/gsm-a512.htm http://cryptome.org/jya/gsm-cloned.htm http://www.isaac.cs.berkeley.edu/isaac/gsm.html
Since when does anyone but the completely clueless expect cell phones to be secure? People know not to ask about drugs over a cell phone, but they're dumb enough to give out personal and/or financial information? They deserve what they get. No amount of security can protect the willfully ignorant. All that can be done is to make breaches inconvenient, which GSM has accomplished adequately.
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
Just a little comment
you can look at the presentation in PDF (powerpoint slides) here
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
The reason it took Ian Goldberg three hours to crack one of the main GSM algorithms back then is that the Chinese restaurant near campus was having the good lunch special that day - he estimates it would have been more like two hours otherwise. It was really incompetently done, some variant on a fast Fourier transform, and the "we developed it in Seekrit so nobody can crack it" approach meant that there was no adult supervision. Had they developed the standard in public, they'd have been advised to use an algorithm that provided some actual cryptographic protection.
The "malice" part is that the most common implementation sets 10 of the 64 key bits to zero. (And that, of course, depends on whether your carrier even bothers to do the encryption - back when that version of the crack was announced, my GSM-based cellphone would always tell me that encryption wasn't enabled when I made calls, and I'm not sure if the reason it doesn't do that now is that the carrier's behaving themselves or if they just dropped the error message.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It seems that the real attack and the real code needed to do it was never released or proved to be working:
http://lists.lists.reflextor.com/pipermail/a51/2010-January/000341.html
Just a matter of misunderstanding or some delay due to the legal inquiry that the founder of the project received?
http://lists.lists.reflextor.com/pipermail/a51/2009-December/000296.html
Is this encryption only secure until I tell people that this is ROT-13?
Yes, but what you are doing is illegal in Britain and in the United States.
I say if corporations overlook the evidential failures in the technology they use, then they should blame no one but themselves. Ultimately all encryption will be 'cracked, bruted or hacked, etc' for various reasons. But what this gent has done is nothing more than show them their flaws, in order to force them to address a perceivable serious concern.
The term "Proof of Concept" springs to mind.
If the company has any interest in repairing any form of damage (media, public & corporate image, branding, etc...) then they rather should focus work on correcting the software/technology failures, instead of taking the 'cheaper shot' of pointing out his actions are illegal in two countries.
And, for that matter, if he's in Germany and it's (supposedly) then not illegal for him to do so, who claims they can stop him?
I don't see an Arab in Dubai claiming that my drinking of alcohol in a Western country is illegal in Dubai, regardless of where the alcohol was made.
- Peanut Gallery