SIM-Max Tech's Super-SIM

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.

Alfonso De Gregorio adg at crypto.lo.gy
Wed Mar 9 20:53:42 UTC 2011


On Wed, Mar 9, 2011 at 9:38 PM, Henk <henk.vergonet at gmail.com> wrote:
> On Tue, Mar 8, 2011 at 4:31 PM, Alfonso De Gregorio wrote:
>> On Tue, Mar 8, 2011 at 3:28 PM, Henk wrote:
>>> Actually comp128-2 has a 54bit Kc it seems.
>>
>> Have you observed a COMP128-2 implementation returning a 54bit long
>> Kc?, or have you heard about this from somebody else?
>> Can you please disclose more about the SIM model and the operator
>> running this A3/A8 implementation?
>>
>
> I found it in a some vendor related 3G spec some while ago, can't
> remember which one.
>
> After some googling I found the reference below, which also confirm a
> Kc of 54 bits, unfortunately I don't have access to the algorithm.
> This seems to indicate a completely new algorithm, some others suggest
> its a "patched" version of comp128.
>
> - henk

Thanks for the reference below. I didn't figured out before 10bits are
stuck at zero also with the v2 of COMP128.

Cheers,

alfonso

> "Quirke (2004). Security in the GSM system."
> ...
> Implementations of A3, A8
>
> Although the design of the GSM system allows an operator to choose any
> algorithm they
> like for A3 & A8, many decided on the one that was developed in secret
> by the GSM
> association, COMP128.
>
> COMP128 eventually ended up in public knowledge due to a combination
> of reverse engineering and leaked documents, and serious flaws were
> discovered (as discussed below).
>
> Some GSM operators have moved to a newer A3/A8 implementation, COMP128-2, a
> completely new algorithm which was also developed in secret. This
> algorithm for now
> seems to have addressed the faults of the COMP128 algorithm, although
> since it has yet
> to come under public scrutiny it may potentially be discovered via
> reverse-engineering
> and any possible flaws could be learned.
>
> Finally, the COMP128-3 algorithm can also be used, it is simply the COMP128-2
> algorithm, however all 64-bits of the Kc are generated, allowing
> maximal possible
> strength from the A5 ciphering algorithm (COMP128-2 still sets the 10
> rightmost bits of
> the Kc to 0), deliberately weakening the A5 ciphering.
>


-- 
  Alfonso De Gregorio
  BeeWise - Security Event Futures - http://beewise.org/




More information about the baseband-devel mailing list