Here is a small update on what I am currently working on in collaboration with other list members.
A A5Utility package is almost complete, with the following functions. a) Forwards & backwards stepping of A5/1 b) A5 GSM frame generator - makes 114 data with random key c) Key cracking code (CPU at the moment) - capable of cracking frames made using the generator. d) Table sorter for the cracking code. These tools are text based, and can produce output like fr...@quant:~/gsm/A5Util$ ./cracker easy.bin 146944 /media/disk/tables Table id is 146944 Looking at 3d47267f9d0476d0 Looking at 7a8e4cff3a08eda1 [....] Looking at 8e4cff3a08eda126 Looking at 1c99fe7411db424d #### Found potential key #### 3ec5e907335f2884 #### Stepping back to mix #### 3ec5e907335f2884 -> 3ec5e907335f2884 Candidate: f5a472fcfa67c694 ### Frame is 10 ### Currently it only list candidate keys prior to the 100 warming up clockings, an extra verification step will be added. Where are we going with all this then ? The point is to accurately estimate / demonstrate the strength & coverage of the produced tables. And it is envisioned that a fixed set of challenge blocks be created in a manner where we provably do not have the keys to the GSM frames. A set of 1000 such frames has been proposed. Then as in parallel with table generation, the tables are tested on the challenge set. The percentage of frames cracked in the challenge set will then reflect the probability with which a random frame can be cracked. All of this needs to be automated & integrated into the main tool, and the various file formats for compressed tables and challenge data (especially partial frames with error correction codes) needs to be standardized etc. I have created a testset of 1000 frames, with completely unknown keys taken from /dev/random, and a few minutes ago I managed to do my first crack - 435 frames into the set. This took ~20 hours without GPU acceleration, obviously this needs to be speeded up. In fact searching can be done at the same time as the tables are computed, by keeping a precomputed map of interesting end points to look for. But here is my questions for the list: How can we generate a trusted set of challenge frames that can be used to prove the weakness of A5/1 ? Who could be willing to generate the challenge, and certify that the key are random & unknown to any party ? I am thinking along the lines of asking a some recognized institution, and getting a court certification of the md5sum to the challenge set. Any better ideas ? f _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
