Bugtraq mailing list archives
Re: otp - the next generation
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Fri, 23 Mar 2001 11:03:08 -0700
I don't know much about mobile phone systems so please correct me if I am wrong. While SMS was born out of GSM its independent of it. You can find SMS in other network/protocols like CDMA (like my own phone). At least within GSM you are not guaranteed your traffic will be encrypted. Encryption is optional although most phone will tell you whether encryption is enabled and may allow you to only accept encrypted traffic. Even when traffic is encrypted its probably encrypted with the A5 GSM algorithm. Several years ago Marc Briceno, Ian Goldberg, and David Wagner reverse engineered the A5 algorithms (A5/1 and A5/2). They and Alex Biryukov and Adi Shamir showed that you can break A5 in real time so there is little real protection being offered. I am not sure if or how SMS is encrypted in other networks like CDMA. http://www.scard.org/gsm/ http://jya.com/crack-a5.htm http://cryptome.org/a51-bsw.htm -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
- Re: otp - the next generation Casper Dik (Mar 23)
- Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
- Re: otp - the next generation Tollef Fog Heen (Mar 23)
- Re: otp - the next generation Ben Laurie (Mar 23)
- Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)
- Re: otp - the next generation Szilveszter Adam (Mar 23)