Hi
If I understand it correctly then the COMP128 algorithm produces a 128
> bit output of which the first 32 bits are used as the response and
> only the last 54 bits are used for the session key (making the last
> ten bits of the session key zero), is this still the case?
* It's not exacty the 'last 54 bits', it's some mix of the '128 bits'
internal output that are taken and the last 10 as indeed set to 0.
* For what we call comp128v1, that will always be the case, by definition.
But what operator choose as algorithm for A3/A8 is entirely up to them, they
could implement _anything_ they want as long as the Authentication Center
and the SIM implement the same thing ... AFAIK most modern SIM don't use
Comp128v1 anymore and it's unknown what they use.
> Then what
> if A5/3 is used as encryption? It requires a 128 bit key, but if you
> just use the COMP128 output as a key, then the first 32 bits can were
> sent plaintext as the response.
>
> Can someone help me, or point me in the right direction / to the right
> document?
>
Mmm, I think I saw something mentioning just using the 64 bits Kc and
setting the rightmost 128bits to 0, but that's a quite far memory ...
In anycase, the sim only provides 64 bits no no matter how you 'mix' them
into 128, you will only always have 64 bits of entropy ...
> Also in Karstens and Pagets presentation it was mentioned that
> according to spec, mobile phones are required to alert the user if no
> encryption is used, but this feature can be turned of via the SIM
> card. Can anyone provide me with the spec document (or name / number)
> containing this? I've already fruitlessly looked through lots of ETSI
> documents They lack a cool search feature to find the document you
> need for a certain subject.
>
For the sim part: GSM 11.11 Section 10.3.18 in the EF_ad
For the MS part: GSM 02.07 Annex B.1.26
Sylvain
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
