Silicon.fr reporting GSM crypto broken
- Subject: Silicon.fr reporting GSM crypto broken
- From: [EMAIL PROTECTED] (Owen Blacker)
- Date: Thu, 4 Sep 2003 13:56:07 +0100
Brian Beesley, quoting Ross Anderson:
> >
> > An alternative fix is perhaps just never to use A5/2. If a base
> > station wants to talk A5/2, talk in clear instead. I suspect that
> > this too could only be implemented on a smallish subset of the
> > fielded equipment base.
>
> Ummm - is this a "fix" - surely it would be easier still to eavesdrop
> or break into a conversation if it were in clear instead of A5/2?
Yeah, the original A5/1 conversation's keys would remain secure.
> The A5/2 fix would be to ensure that a session was never set up using
> that protocol. If a phone won't accept A5/1 then don't set up a
> session.
Indeed, though that might, presumably, have greater issues with legacy
hardware.
And I'd guess political pressure would be brought to bear. After all,
this would make it harder to catch terrorists and pædophiles and other
horsemen.
> If this fix breaks any phones, it's because they
> were defective to start off with i.e. A5/1 was not implemented
> properly hence they were forced to A5/2.
That won't placate people whose phones suddenly become useless.
> > It's an interesting long-tail vulnerability resulting from weak
> > crypto mandated by governments.
>
> Yes. We need to break this sort of thing once & for all. Governments
> should keep their noses out of private conversations, full stop.
Well, indeed. But not enough people agree that that's the case (or
care enough to insist upon it). And some people have a nasty habit of
using private conversations to coordinate bombmaking and child abuse
(and whatever), so politicians (and the gutter press) would never let
that happen...
O x
--
Owen Blacker
Senior Software Developer and InfoSecurity Consultant Wheel: Group
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0xa7cb7592 | 9c1c 2996 075b 2daa 3660 6d2f ee34 fc94 a7cb 7592
--
Opinions might not even be mine. Other people can go get their own!