Mobile hack shows need for security upgrade Last week the Chaos Computer Club announced it had cracked GSM, but by Friday the GSMA was saying the attack was completely impractical - so should you be worried? The attack proposed by the CCC is based on a Rainbow table: an enormous list of known results to which an encoded message can be compared to look up the key, rather …
"The GSMA has been claiming that an A5/1 Rainbow Table will need the equivalent of a tower of books 20km high, which is about as useful as saying that such a table couldn't be written on a fish."
Coincidentally, that's how I back up my data... But I prefer two towers for redundancy (I've got a colocation arrangement with Saruman). Backing up the video collection isn't so good, you lose a bit in the conversion/compression algorithms. Most of my vids fit onto one page:
"Dave the plumber enters the house, some music starts playing and all plumbing interests divert to the biological type"
The alternative was printing out each frame with subtitles, but that would require 4 towers.
That was excellent until you recommended Skype.
IIRC Skype _claim_ to use AES 256 for their call encryption, but being a completely closed-source outfit there is no way to verify whether this is true and/or whether the implementation is bug- and backdoor-free.
I mean sure, there's no particular reason to distrust Skype, but equally well there's no particular reason to trust them.
Or am I behind the times?
Searching 2TB is not that difficult, if a group of 5 people work together and split the 2TB of data between them so they each simultaneously search 400GB then this will be significantly quicker than an individual search 2TB.
If each person has two laptops then each computer is only searching 200GB at the same time, as the number of computers increase the search time is reduced making it very practical. With 64 computers each with 16GB of RAM most of the 2TB could be held in RAM making it very quick.
.. sold in the last 12 months. Unfortunately they can't be sold as supporting it because to pass validation they need to have been tested on at least 2 live networks, and guess how many live networks support A5/3?
On the plus side, perhaps GSMA will start pushing it again now.
Listening on the air side is not just of interest to criminals, the FBI has documented its use of this technique that it calls Triggerfish. It is also suspected that some foreign embassies may be using phantom cells in London.
RupertG speculated about this in
http://community.zdnet.co.uk/blog/0,1000000567,10011953o-2000331777b,00.htm
br -d
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
