On Tue, Jan 05, 2010 at 07:51:03AM +0300, Alexander Chemeris wrote:
> Also you *have to* capture the full band before you find a key,
> because you do not know the hopping sequence without
> deciphering. That's why GSMA referred to hopping as
> a "security feature" - if no ingenious solution is found, you
> will have to demodulate the full band and then apply cracking
> to all combinations, which increases the required computational
> power by several orders of magnitude. But probably some
> ways to reduce the required computational power exist. That's
> the topic for further research.

The computational complexity does not increase because of that.
What happens is that you break the cipher with the few frames
that are sent on the original SDCCH after encryption is switched
on and before a new hopping sequence is negotiated. Then you know
which frames to decrypt with the now-known key from the wideband
capture.
The security feature of hopping only protects from people who do not
want to spend the extra money. In reality that is a big win for the
telco company, as the USRPs needed are the only non-commodity hardware
needed, and they are also quite expensive.
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51