This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Mad mad at auth.seOn Tue, 8 Mar 2011 16:31:47 +0100, Alfonso De Gregorio wrote: >> Actually comp128-2 has a 54bit Kc it seems. > > Have you observed a COMP128-2 implementation returning a 54bit long > Kc?, or have you heard about this from somebody else? > Can you please disclose more about the SIM model and the operator > running this A3/A8 implementation? Interesting question, how do we know if it's comp128-2 what is being used by a specific operator? They can use whatever algo they want - or their equipment vendor provides - in their sims and auth infrastructure producing deliberately weakened Kcs. > > One more weakened key derivation function (after the first version) > would be interesting per se. Still, it would be even more interesting > to give a closer look at this obscure cipher we carry in our > pockets... > No question, there still are given out sims weakening the anyway broken a5/1. Interestingly I observed that operators have mixed occurrence of weak for one and non-weak Kcs for another sim. Another possibility is that they are able to determine that for all sims by choice of the RAND the network sends. So some people, contract-wise, phone-wise or regions could be easier tapped than others. But it's just speculation... The most promising approach after (really) good cryptologists looking at in- and output is to open up and grinding down a sim chip and taking pictures to reconstruct its logic, as it has been done with mifare etc. Aren't there people reading this who are experienced in the latter? Regards, Mad