01 January 2008

GSM Security...

If you plan to discuss *really* important secrets over the GSM mobile network, read this article (pdf) first:

We have presented a simple-to-implement known-plaintext at-
tack on the A5/1 stream cipher, and given an implementation
on a small FPGA. The attack is novel over previous attacks
in that it needs only a very small amount of plaintext frame
data. A distributed implementation on specialized hardware
was projected to derive a key within half a minute on the av-
erage. We conclude that the A5/1 algorithm is not secure for
longer phone calls.

Actually I didn't know it was feasible for non-government groups to crack GSM... but it seems to be...

Further info on this wiki. There is even a video available, from the 2007 CCC convention.