8 Mar
2011
8 Mar
'11
6:01 p.m.
On Tue, 8 Mar 2011 16:31:47 +0100, Alfonso De Gregorio wrote:
Interesting question, how do we know if it's comp128-2 what is being
used by a specific operator?
They can use whatever algo they want - or their equipment vendor
provides
- in their sims and auth infrastructure producing deliberately weakened
Kcs.
Actually
comp128-2 has a 54bit Kc it seems.
Have you observed a COMP128-2 implementation returning a 54bit long
Kc?, or have you heard about this from somebody else?
Can you please disclose more about the SIM model and the operator
running this A3/A8 implementation?
One more weakened key derivation function (after the first version)
would be interesting per se. Still, it would be even more interesting
to give a closer look at this obscure cipher we carry in our
pockets...
No question, there still are given out sims weakening the anyway broken
a5/1.
Interestingly I observed that operators have mixed occurrence of weak
for
one and non-weak Kcs for another sim.
Another possibility is that they are able to determine that for all
sims
by choice of the RAND the network sends. So some people, contract-wise,
phone-wise or regions could be easier tapped than others.
But it's just speculation...
The most promising approach after (really) good cryptologists looking
at
in- and output is to open up and grinding down a sim chip and taking
pictures to reconstruct its logic, as it has been done with mifare etc.
Aren't there people reading this who are experienced in the latter?
Regards,
Mad