Vulnerability Development mailing list archives
Re: Q: Voice over IP security - anyone?
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Tue, 10 Oct 2000 09:00:57 +0200
For GSM it was not cluelessness.
...
Because of that I was very puzzled why there was such a big fuss about some people cracking the crypto a couple of years ago. I mean, it's intentionally weak, so why were people so surprised it was cracked? Also don't know why some crypto people appeared to be surprised the crypto was weak.
Because the algorithm wasn't only weak, it was quite bad and flawed. They would had gotten more security out of DES with less resource usages. And DES 40 bit is enough for the big guys to crack it easily. By their choice of algorithm it is crackable to anyone in real time, whatever the size of key is. (IIRC, it first crunches the key to 40bit, but then the algorithm itself is flawed and doesn't use all 40 bits of entrophy ;) It wasn't that GSM was insecure that was a problem, it has been considered so for a long time (as a matter of fact, in sweden the fact that it is encrypted has almost never been mentioned) and there has actually been security police (SÄPO) publicly warning companies that they can be monitored. It was the fact that it was stupidly flawed that caused the sudden interest :)
Anyway, you don't even need to crack GSM crypto to listen in. The
...
Whatever it is you definitely can listen in to conversations at the phone exchange level.
This was mentioned in the mail you replied to ;-) ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- Q: Voice over IP security - anyone? Craig, Scott (Oct 05)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- Re: Q: Voice over IP security - anyone? Cold Fire (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 10)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- <Possible follow-ups>
- Re: Q: Voice over IP security - anyone? Guilherme Mesquita (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)