I've not much time these days but I'd be happy to comment and provide
pointers. Your suggestion sounds good - I'm sure that Max would accept any
patches that would do what you suggest.
On 6 October 2015 at 12:12, Joseph Cardani jcardani(a)verizon.net [op25-dev] <
op25-dev(a)yahoogroups.com> wrote:
Hi All,
I would like to resurrect this RC4 thread.
Has there been any progress on this?
I believe that a full key variable brute force retrieval within OP25 would
raise way to many eyebrows. I believe a better idea would be two fold:
First modify OP25 to decrypt ADP, DES-OFB, AES256 etc with a known key. I
believe the code was discussed by Steve and Matt. So if you know the key
variable, simply enter it and decrypt away.
Second, modify OP25 to display the non-dropped “silence” bytes within the
6 blocks of data of VC1 & VC2. I believe this should be located in the
first LDU1 frame right after the Header frame. Do this for ADP, DES-OFB,
AES-256. Obviously the number of silence bytes would vary per algorithm.
That would be very valuable.
thanks,
Joe
On Feb 10, 2015, at 7:14 PM, matt.robert80(a)yahoo.com [op25-dev] <
op25-dev(a)yahoogroups.com> wrote:
I think its possible and would be great to have in OP25 (seeing as this
project is where these flaws were originally discovered and published)...
I addition the software be tweaked to produce known plaintext and
ciphertext pairs for DES-OFB key recovery as well - leaving the
computational problem up to the user.
One thing though - adding ADP and DES to the code will result in a massive
increase of people downloading and building OP25, plus the extra attention
it will get us... We should make sure our web server is bulletproof before
releasing such a beast ;)
Cheers,
Matt