Talking about timely and untimely comments.....

Check out Newsweek's credulous, confused, and tech-ignorant report about the (pre-oversight-hearing) moaning and weeping at Fort Meade.

Consider, with Newsweek, the momentous challenge the NSA confronts in e-mail and Internet phone calls (both "almost impossible to intercept," sez Newsweek); and the agony with which the NSA views the insidious spread of dangerous European cellular-phone crypto (which I presume means GSM;-) ROFL!

If there were a hall of fame for incompetent and misleading journalism about crypto, this is a contenda!

Consider one timely one-liner:

>The NSA, for instance, wanted the CIA to do more “black-bag
> jobs” — illegal break-ins — to steal European technology for
>encrypting mobile phones.

The embarrassment of the full text: <http://www.msnbc.com/news/342480.asp#BODY>

--------------------

Adi Shamir <[EMAIL PROTECTED]> wrote:

<snip>

>Real-Time Cryptanalysis of GSM's A5/1 on a PC
>
>Alex Biryukov and Adi Shamir
>Computer Science Department
>The Weizmann Institute
>Rehovot 76100, Israel
>
>Abstract:
>
>A5/1 is the strong version of the encryption algorithm used
>by about 100 million GSM customers in Europe to protect the
>over-the-air privacy of their cellular voice and data
>communication. The best published attacks against it require
>between 2^40 and 2^45 steps. This level of security makes it
>vulnerable to hardware-based attacks by large organizations,
>but not to software-based attacks on multiple targets by hackers.
>
>In this paper we describe a new attack on A5/1, which is based
>on subtle flaws in the tap structure of the registers, their
>noninvertible clocking mechanism, and their frequent resets.
>The attack can find the key in less than a second on a single
>PC with 128 MB RAM and two 73 GB hard disks, by analysing the
>output of the A5/1 algorithm in the first two minutes of the
>conversation. The attack requires a one time parallelizable
>data preparation stage whose complexity can be traded-off
>between 2^37 and 2^48 steps. The attack was verified with
>an actual implementation, except for the preprocessing stage
>which was extensively sampled rather than completely executed.
>
>Remark: The attack is based on the unofficial description
>of the A5/1 algorithm at http://www.scard.org. Discrepancies
>between this description and the real algorithm may affect
>the validity or performance of our attack.
>
<snip>
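
The "noninvertible clocking mechanism" named in the quoted abstract can be seen in a few lines. The following is an added illustration, not part of the message or of the paper: it models only the majority-rule clocking of the three registers and counts how many predecessor states each state has. The register lengths, tap masks and clocking-bit positions are assumptions taken from the public, unofficial A5/1 description, not from this page.

```python
# Added illustration. Register lengths, tap masks and clocking-bit positions
# are assumed from the public (unofficial) A5/1 description, not from this page.
REGS = [(19, 0x072000, 8), (22, 0x300000, 10), (23, 0x700080, 10)]
# The four clocking outcomes the majority rule allows: all move, or exactly two.
PATTERNS = [(True, True, True), (True, True, False),
            (True, False, True), (False, True, True)]

def parity(x):
    return bin(x).count("1") & 1

def shift(r, i):
    """One LFSR step of register i; bit 0 receives the feedback bit."""
    n, taps, _ = REGS[i]
    return ((r << 1) & ((1 << n) - 1)) | parity(r & taps)

def unshift(r, i):
    """Undo shift(): a single register on its own is invertible."""
    n, taps, _ = REGS[i]
    low = r >> 1                           # old bits 0..n-2
    top = parity(low & taps) ^ (r & 1)     # taps include the old top bit
    return low | (top << (n - 1))

def movers(state):
    """Which registers the majority rule clocks in this state."""
    bits = [(r >> REGS[i][2]) & 1 for i, r in enumerate(state)]
    maj = int(sum(bits) >= 2)
    return tuple(b == maj for b in bits)

def step(state):
    m = movers(state)
    return tuple(shift(r, i) if m[i] else r for i, r in enumerate(state))

def predecessors(state):
    """All states s with step(s) == state (between 0 and 4 of them)."""
    found = []
    for pat in PATTERNS:
        cand = tuple(unshift(r, i) if pat[i] else r for i, r in enumerate(state))
        if movers(cand) == pat:            # cand would really clock this way
            found.append(cand)
    return found

def histogram():
    """Count states by number of predecessors. The count depends only on bits
    c and c+1 of each register (c = clocking bit), so 64 cases cover all."""
    hist = [0] * 5
    for v in range(64):
        state = tuple(((v >> 2 * i) & 3) << REGS[i][2] for i in range(3))
        hist[len(predecessors(state))] += 1
    return hist

if __name__ == "__main__":
    print(histogram())
```

`histogram()` returns `[24, 26, 6, 6, 2]`: 3/8 of all states have no predecessor and so can never occur after a clocking step, while 1/32 have four. Each register alone is a bijection; the state-dependent stop/go rule is what makes the combined step many-to-one.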