[A51] Announcing "Berlin A5/1 rainbow table set."
Great progress has been made in computing ATI tables with 100 extra clockings, we got some unexpected but very welcome help from university students, and at most there were 8 GPUs on the job. 2x5850 + 2x5870 + 2x5970 - allowing us to compute almost 2 TB of tables in around 4 weeks of time. Currently computation has been halted while we evaluate the coverage, look at better compressions schemes, and focus on more efficient ways to perform "table lookups" - a euphemism for cracking A5/1 i.e. recovering keys from cipherstream. 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 rainbow table set." The Berlin reference I feel is significant, besides the fact that the ideas to create these tables originated there, it has also has been a collection point for assembling the tables. Moreover, Berlin was also a focal point for tensions during the cold war, tensions that in fact dictated the need for creating A5/1 in the first place. In some ways A5/1 was intended as a virtual wall erected by the West towards the East, to safeguard privacy of communication. Fortunately the physical wall that separated East & West fell even before A5/1 was fielded in the first GSM networks in 1991. Still A5/1 continued to serve as a relatively effective protective measure for cellular communications. But over time, as computers, FPGAs eventually GPUs grew faster and faster, the once significant defenses of A5/1 started crumbling, and eventually they offered little or no protection. In response to the relentless advance of computing power, key-lengths were increased, but in short order the available arsenal of remedies where exhausted. Despite numerous claims that GSM encryption was at at the end of its useful life, the GSMA kept insisting that the security offered by A5/1 was adequate. Such denials and counterclaims, are obviously counterproductive and even dangerous. I therefore feel privileged to have taken part in this project, where hackers from both former East & West have worked together on dismantling the remains of A5/1 - and effectively declared it completely dead and broken. Our hope is that this will bring about a shift towards proper security in cellular communications, and not further compromised solutions like A5/1 was from the outset. The tables that constitute the "Berlin A5/1 rainbow table set." given by their IDs are as follows: 100 108 116 124 132 140 148 156 164 172 180 188 196 204 212 220 230 238 250 260 268 276 284 292 324 332 340 348 356 364 372 380 388 396 404 412 420 428 492 500 (284 & 492 are optional) Due to their size, theses tables are not easily copied over the Internet, so I have decided to resort to physical transfer in making copies available to research etc. This I will do by announcing some of my traveling to the list, and if there are interested receiving parties, I can bring along tables on hard disk(s) for replication. After some initial seeding, I believe there will be enough interest for these tables to make them go viral. In addition, anyone who finds themselves in Oslo, Norway are welcome to request a copy. The first available location to make a copy will be: * Bucharest, Romania, June 24th - July 5th 2010 Other arrangements can also be made, such as swapping preloaded disks for cash (165EUR @cost) at Schiphol airport. regards, Frank A. Stevenson ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
[A51] Announcing "Berlin A5/1 rainbow table set."
I would prefere the torrent way. I already seed the torrents that are available at the moment. When i have next 100Mbit down and 10Mbit up the torrent speed would get again a boot. 2010/6/17 javier falbo : > Hi Frank: > > Good news. > > I think we need to establish a new share torrent for the updated table, or > using the old way, just send a pre-formatted Western Digital 3TB disk (same > size as standard PC Hard-drive) by postal service worldwide for members. > > Encryption status: > GSM was academically broken in 1991. The algorythm is useless nowadays for > any real security service. > New WCDMA or 3G uses KASUMI algorythm which is also academically broken in > 2009. > Upcoming 4G or latest technology uses IP protocol, so the encryption is not > necessary at the air (maybe this could change). > > Recommendations: > In order to be secure, i suggest to install in your devices any AES256 > realtime encryption software (check that it dont share keys at the air). I > am using it in my Nokia Phone. Multiple encryption is the only solution to > be completely safe. > > Javier > > >> From: fr...@hvitehus.no >> To: 246...@gmail.com >> Date: Thu, 17 Jun 2010 12:06:29 +0200 >> CC: a51@lists.reflextor.com >> Subject: Re: [A51] Announcing "Berlin A5/1 rainbow table set." >> >> On Thu, 2010-06-17 at 11:38 +0200, Sylvain Munaut wrote: >> > 39-40 tables have been computed, in what we have dubbed the "Berlin >> A5/1 >> > > rainbow table set." >> > >> > And how do we make use of them ? >> >> The tables that currently reside in Norway can be used with the >> demonstration program found here: >> >> http://reflextor.com/trac/a51/browser/tinkering/A5Util/a5faster.cpp >> >> This line of code is limited to using a single table at a time for the >> moment, but new cracking code is being worked on. >> >> The copy of the tables found in Berlin have been transmogrified into a >> format that only works with yet-to-be released tools. >> >> The "Berlin A5/1 rainbow table set" has a ~22% chance of recovering the >> key from 114 bits of cipher. More tables will possibly be added in a >> second installment. >> >> Frank >> >> >> ___ >> A51 mailing list >> A51@lists.reflextor.com >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > No importa si es pesado o liviano. Con Hotmail Skydrive tenés 25 GB para > guardar todo. Clic aquí > ___ > A51 mailing list > A51@lists.reflextor.com > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
Why not upload them to Usenet? They have a 2 year retention these days and are a safe place for them to live (without getting taken down by some weird ass government) On Wed, Jun 16, 2010 at 11:21 AM, Frank A. Stevenson wrote: > Great progress has been made in computing ATI tables with 100 extra > clockings, we got some unexpected but very welcome help from university > students, and at most there were 8 GPUs on the job. 2x5850 + 2x5870 + > 2x5970 - allowing us to compute almost 2 TB of tables in around 4 weeks > of time. Currently computation has been halted while we evaluate the > coverage, look at better compressions schemes, and focus on more > efficient ways to perform "table lookups" - a euphemism for cracking > A5/1 i.e. recovering keys from cipherstream. > > 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 > rainbow table set." The Berlin reference I feel is significant, besides > the fact that the ideas to create these tables originated there, it has > also has been a collection point for assembling the tables. Moreover, > Berlin was also a focal point for tensions during the cold war, tensions > that in fact dictated the need for creating A5/1 in the first place. In > some ways A5/1 was intended as a virtual wall erected by the West > towards the East, to safeguard privacy of communication. Fortunately the > physical wall that separated East & West fell even before A5/1 was > fielded in the first GSM networks in 1991. Still A5/1 continued to serve > as a relatively effective protective measure for cellular > communications. But over time, as computers, FPGAs eventually GPUs grew > faster and faster, the once significant defenses of A5/1 started > crumbling, and eventually they offered little or no protection. In > response to the relentless advance of computing power, key-lengths were > increased, but in short order the available arsenal of remedies where > exhausted. Despite numerous claims that GSM encryption was at at the end > of its useful life, the GSMA kept insisting that the security offered by > A5/1 was adequate. Such denials and counterclaims, are obviously > counterproductive and even dangerous. > > I therefore feel privileged to have taken part in this project, where > hackers from both former East & West have worked together on dismantling > the remains of A5/1 - and effectively declared it completely dead and > broken. Our hope is that this will bring about a shift towards proper > security in cellular communications, and not further compromised > solutions like A5/1 was from the outset. > > The tables that constitute the "Berlin A5/1 rainbow table set." given by > their IDs are as follows: > > 100 108 116 124 132 140 148 156 164 172 > 180 188 196 204 212 220 230 238 250 260 > 268 276 284 292 324 332 340 348 356 364 > 372 380 388 396 404 412 420 428 492 500 > > (284 & 492 are optional) > > Due to their size, theses tables are not easily copied over the > Internet, so I have decided to resort to physical transfer in making > copies available to research etc. This I will do by announcing some of > my traveling to the list, and if there are interested receiving parties, > I can bring along tables on hard disk(s) for replication. After some > initial seeding, I believe there will be enough interest for these > tables to make them go viral. In addition, anyone who finds themselves > in Oslo, Norway are welcome to request a copy. > > The first available location to make a copy will be: > * Bucharest, Romania, June 24th - July 5th 2010 > > Other arrangements can also be made, such as swapping preloaded disks > for cash (165EUR @cost) at Schiphol airport. > > regards, > Frank A. Stevenson > > > ___ > A51 mailing list > A51@lists.reflextor.com > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
Naturally, copies of the full set can be picked up in Berlin at any time. Cheers, -Karsten On 16-Jun-10 10:21, Frank A. Stevenson wrote: > Great progress has been made in computing ATI tables with 100 extra > clockings, we got some unexpected but very welcome help from university > students, and at most there were 8 GPUs on the job. 2x5850 + 2x5870 + > 2x5970 - allowing us to compute almost 2 TB of tables in around 4 weeks > of time. Currently computation has been halted while we evaluate the > coverage, look at better compressions schemes, and focus on more > efficient ways to perform "table lookups" - a euphemism for cracking > A5/1 i.e. recovering keys from cipherstream. > > 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 > rainbow table set." The Berlin reference I feel is significant, besides > the fact that the ideas to create these tables originated there, it has > also has been a collection point for assembling the tables. Moreover, > Berlin was also a focal point for tensions during the cold war, tensions > that in fact dictated the need for creating A5/1 in the first place. In > some ways A5/1 was intended as a virtual wall erected by the West > towards the East, to safeguard privacy of communication. Fortunately the > physical wall that separated East & West fell even before A5/1 was > fielded in the first GSM networks in 1991. Still A5/1 continued to serve > as a relatively effective protective measure for cellular > communications. But over time, as computers, FPGAs eventually GPUs grew > faster and faster, the once significant defenses of A5/1 started > crumbling, and eventually they offered little or no protection. In > response to the relentless advance of computing power, key-lengths were > increased, but in short order the available arsenal of remedies where > exhausted. Despite numerous claims that GSM encryption was at at the end > of its useful life, the GSMA kept insisting that the security offered by > A5/1 was adequate. Such denials and counterclaims, are obviously > counterproductive and even dangerous. > > I therefore feel privileged to have taken part in this project, where > hackers from both former East & West have worked together on dismantling > the remains of A5/1 - and effectively declared it completely dead and > broken. Our hope is that this will bring about a shift towards proper > security in cellular communications, and not further compromised > solutions like A5/1 was from the outset. > > The tables that constitute the "Berlin A5/1 rainbow table set." given by > their IDs are as follows: > > 100 108 116 124 132 140 148 156 164 172 > 180 188 196 204 212 220 230 238 250 260 > 268 276 284 292 324 332 340 348 356 364 > 372 380 388 396 404 412 420 428 492 500 > > (284 & 492 are optional) > > Due to their size, theses tables are not easily copied over the > Internet, so I have decided to resort to physical transfer in making > copies available to research etc. This I will do by announcing some of > my traveling to the list, and if there are interested receiving parties, > I can bring along tables on hard disk(s) for replication. After some > initial seeding, I believe there will be enough interest for these > tables to make them go viral. In addition, anyone who finds themselves > in Oslo, Norway are welcome to request a copy. > > The first available location to make a copy will be: > * Bucharest, Romania, June 24th - July 5th 2010 > > Other arrangements can also be made, such as swapping preloaded disks > for cash (165EUR @cost) at Schiphol airport. > > regards, > Frank A. Stevenson > > > ___ > A51 mailing list > A51@lists.reflextor.com > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
> 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 > rainbow table set." And how do we make use of them ? I guess I'm looking for the executable where I give 64 bits a5/1 output, the table directory, and it gives me the R1/R2/R3 output. Does anything like this already distributed (even if slow/suboptimal) ? I had a quick look on the web site and the svn but didn't find anything to answer this. Sylvain Munaut ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
On Thu, 2010-06-17 at 11:38 +0200, Sylvain Munaut wrote: > 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 > > rainbow table set." > > And how do we make use of them ? The tables that currently reside in Norway can be used with the demonstration program found here: http://reflextor.com/trac/a51/browser/tinkering/A5Util/a5faster.cpp This line of code is limited to using a single table at a time for the moment, but new cracking code is being worked on. The copy of the tables found in Berlin have been transmogrified into a format that only works with yet-to-be released tools. The "Berlin A5/1 rainbow table set" has a ~22% chance of recovering the key from 114 bits of cipher. More tables will possibly be added in a second installment. Frank ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
Hi Frank: Good news. I think we need to establish a new share torrent for the updated table, or using the old way, just send a pre-formatted Western Digital 3TB disk (same size as standard PC Hard-drive) by postal service worldwide for members. Encryption status: GSM was academically broken in 1991. The algorythm is useless nowadays for any real security service. New WCDMA or 3G uses KASUMI algorythm which is also academically broken in 2009. Upcoming 4G or latest technology uses IP protocol, so the encryption is not necessary at the air (maybe this could change). Recommendations: In order to be secure, i suggest to install in your devices any AES256 realtime encryption software (check that it dont share keys at the air). I am using it in my Nokia Phone. Multiple encryption is the only solution to be completely safe. Javier > From: fr...@hvitehus.no > To: 246...@gmail.com > Date: Thu, 17 Jun 2010 12:06:29 +0200 > CC: a51@lists.reflextor.com > Subject: Re: [A51] Announcing "Berlin A5/1 rainbow table set." > > On Thu, 2010-06-17 at 11:38 +0200, Sylvain Munaut wrote: > > 39-40 tables have been computed, in what we have dubbed the "Berlin > A5/1 > > > rainbow table set." > > > > And how do we make use of them ? > > The tables that currently reside in Norway can be used with the > demonstration program found here: > > http://reflextor.com/trac/a51/browser/tinkering/A5Util/a5faster.cpp > > This line of code is limited to using a single table at a time for the > moment, but new cracking code is being worked on. > > The copy of the tables found in Berlin have been transmogrified into a > format that only works with yet-to-be released tools. > > The "Berlin A5/1 rainbow table set" has a ~22% chance of recovering the > key from 114 bits of cipher. More tables will possibly be added in a > second installment. > > Frank > > > ___ > A51 mailing list > A51@lists.reflextor.com > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 _ Ahora Hotmail es un 70% más rápido. Para que chequear correos sea cada vez más fácil. Ver más http://www.descubrehotmail.com/velocidad.asp ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
On Thu, 2010-06-17 at 18:27 +0200, Lubomir Schmidt wrote: > I would prefere the torrent way. I already seed the torrents that are > available at the moment. When i have next 100Mbit down and 10Mbit up > the torrent speed would get again a boot. > > 2010/6/17 javier falbo : > > Hi Frank: > > > > Good news. > > > > I think we need to establish a new share torrent for the updated table, or > > using the old way, just send a pre-formatted Western Digital 3TB disk (same > > size as standard PC Hard-drive) by postal service worldwide for members. > > The "Berlin A5/1 rainbow table set" fits comfortably on 2TB of disk using a simple compact representation. We are working on a entropy coding scheme that will bring the data down to ~1.63TB - which is a much better base for torrent distribution. Step 1, now is physical distribution, later these tables can be compressed and seeded to a torrent swarm. Prior to this will publish md5sums of the compressed files for verification purposes. Frank ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
So, how long does it take you now to search these tables for a single key? With what type of hardware? -Original Message- From: a51-boun...@lists.reflextor.com [mailto:a51-boun...@lists.reflextor.com] On Behalf Of Frank A. Stevenson Sent: Wednesday, June 16, 2010 11:21 AM To: a51@lists.reflextor.com Subject: [A51] Announcing "Berlin A5/1 rainbow table set." Great progress has been made in computing ATI tables with 100 extra clockings, we got some unexpected but very welcome help from university students, and at most there were 8 GPUs on the job. 2x5850 + 2x5870 + 2x5970 - allowing us to compute almost 2 TB of tables in around 4 weeks of time. Currently computation has been halted while we evaluate the coverage, look at better compressions schemes, and focus on more efficient ways to perform "table lookups" - a euphemism for cracking A5/1 i.e. recovering keys from cipherstream. 39-40 tables have been computed, in what we have dubbed the "Berlin A5/1 rainbow table set." The Berlin reference I feel is significant, besides the fact that the ideas to create these tables originated there, it has also has been a collection point for assembling the tables. Moreover, Berlin was also a focal point for tensions during the cold war, tensions that in fact dictated the need for creating A5/1 in the first place. In some ways A5/1 was intended as a virtual wall erected by the West towards the East, to safeguard privacy of communication. Fortunately the physical wall that separated East & West fell even before A5/1 was fielded in the first GSM networks in 1991. Still A5/1 continued to serve as a relatively effective protective measure for cellular communications. But over time, as computers, FPGAs eventually GPUs grew faster and faster, the once significant defenses of A5/1 started crumbling, and eventually they offered little or no protection. In response to the relentless advance of computing power, key-lengths were increased, but in short order the available arsenal of remedies where exhausted. Despite numerous claims that GSM encryption was at at the end of its useful life, the GSMA kept insisting that the security offered by A5/1 was adequate. Such denials and counterclaims, are obviously counterproductive and even dangerous. I therefore feel privileged to have taken part in this project, where hackers from both former East & West have worked together on dismantling the remains of A5/1 - and effectively declared it completely dead and broken. Our hope is that this will bring about a shift towards proper security in cellular communications, and not further compromised solutions like A5/1 was from the outset. The tables that constitute the "Berlin A5/1 rainbow table set." given by their IDs are as follows: 100 108 116 124 132 140 148 156 164 172 180 188 196 204 212 220 230 238 250 260 268 276 284 292 324 332 340 348 356 364 372 380 388 396 404 412 420 428 492 500 (284 & 492 are optional) Due to their size, theses tables are not easily copied over the Internet, so I have decided to resort to physical transfer in making copies available to research etc. This I will do by announcing some of my traveling to the list, and if there are interested receiving parties, I can bring along tables on hard disk(s) for replication. After some initial seeding, I believe there will be enough interest for these tables to make them go viral. In addition, anyone who finds themselves in Oslo, Norway are welcome to request a copy. The first available location to make a copy will be: * Bucharest, Romania, June 24th - July 5th 2010 Other arrangements can also be made, such as swapping preloaded disks for cash (165EUR @cost) at Schiphol airport. regards, Frank A. Stevenson ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
On Mon, 2010-06-21 at 15:21 +0300, Uri Savoray wrote: > So, how long does it take you now to search these tables for a single key? > With what type of hardware? The limiting factor for lookups will be IOPS of your storage hardware. Looking up a single 114 bits burst in 40 tables, requires 51*8*40 = 16320 read operations. A stack of 10 rotating hard drives will need 16.3 seconds (@ 100 IOPS pr drive ) - SSD storage will bring about a tenfold increase in speed and cost roughly. 2-3 burst worth of data will on average be needed to recover a single key, bringing the total lookup time to 40-50 seconds on a stack of spinning disks. The code for doing this is still at an experimental stage, and much design work needs to be done. Using Native Command Queues (NCQ) for instance can bring a boost to the lookup, and needs to be thought about when doing the software architecture. Frank ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
Re: [A51] Announcing "Berlin A5/1 rainbow table set."
Hi Javier, On Thu, Jun 17, 2010 at 20:13, javier falbo wrote: > Upcoming 4G or latest technology uses IP protocol, so the encryption is not > necessary at the air (maybe this could change). If you want really strong encryption, IP-level encryption is not enough, you need "line-encryptioin" (not sure about the correct English term - this is when data is encrypted at low level, so it appears as a constant stream of noise without variation is the rate). But "line-encryption" is obviusly works against batery time of live and is unlikely to be deployed in commercial networks. -- Regards, Alexander Chemeris. http://www.fairwaves.ru ___ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51