lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00a101c2d6ec$079d2400$0100000a@yrpxb5>
From: yossarian at planet.nl (yossarian)
Subject: Pt.2 of the  X-Force claims 5 years old COMP128 crack?

It is even worse than I thought - and I quote:
"Biryukov, Shamir and Wagner also discovered three possible attacks on A5/1
that would yield effective results and could be achieved on a modern PC in
seconds.

It should be noted that, at the time this was performed, the equipment used
was prohibitively expensive.

But the hardware costs have significantly reduced over time and today the
equivalent system could be created for less than $40,000, placing it well
within the budgets of organised criminals or those interested in industrial
espionage".

So I checked - hey I don't have 42.120 Euro laying around, so I wanted to
know what was needed. What totally amazing discovery:
http://www.iol.ie/~kooltek/gsmpaper.html

And I quote form the URL above: "0630 Hrs 07 December 1999

A paper by Alex Biryukov and Adi Shamir to be published soon outlines a
method to recover the key for an encrypted GSM conversation in less than a
second using a PC with 128 MB of RAM and 73 GB of hard drive space.

I guess I don't need the wallet thing to get some cash, since way over this
very specs is purring under my desk. Yeah, but this was way back in '99. So
I checked - Twas the year I bought the AMD500 my wife uses now. With 256 Meg
and I also bought 4 34 Gig SCSI disks for the server. At the then going
price of some $2200. Any new PC going at $500 now, is way over these specs.
Oh my, this is well within the budgets of organised crime of those
interested in yada yada yada. Now I am really scared.

I am very interested in what went wrong here? Is this a case where full
disclosure was considered dangerous?






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ