Bugtraq mailing list archives

Re: otp - the next generation


From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Fri, 23 Mar 2001 11:03:08 -0700

I don't know much about mobile phone systems so please correct me if I am
wrong. While SMS was born out of GSM, it's independent of it. You can find
SMS in other network/protocols like CDMA (like my own phone).

At least within GSM you are not guaranteed your traffic will be encrypted.
Encryption is optional although most phones will tell you whether encryption
is enabled and may allow you to only accept encrypted traffic.

Even when traffic is encrypted, it's probably encrypted with the A5 GSM
algorithm. Several years ago Marc Briceno, Ian Goldberg, and David Wagner
reverse engineered the A5 algorithms (A5/1 and A5/2). They and
Alex Biryukov and Adi Shamir showed that you can break A5 in real time
so there is little real protection being offered.

I am not sure if or how SMS is encrypted in other networks like CDMA.

http://www.scard.org/gsm/
http://jya.com/crack-a5.htm
http://cryptome.org/a51-bsw.htm
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

