On 4/24/10 11:28 AM, Frank A. Stevenson wrote: > I have started computing tables with the following parameters: > DP=12bits , rounds=8, extra clockings=100 > .. > [Lookup from table with ID:100] > #### Found potential key (bits: 37) > #### ae5b16cb41710ba0 > #### Stepping back to mix > #### ae5b16cb41710ba0 -> ae5b16cb41710ba0 > Candidate: f5212b11b0342617 > Candidate: f5212b88d81c2617 > ### Frame is 257 ### > > I have previously been able to find keys that produce challenge output, > but this is the first key that passes the backwards clocking test. The >
This is really, really good news! Well done! > candidates are equivalent, and will both produce the same GSM frame. > > (I assume you and others know this, but just to clarify to anyone else listening: ) This equivalence of course is logical (for candidates derived from a single hit from the table) - the real test will lie in trying to decode other frames from the conversation. In theory only one candidate will get you to the right Kc (*) when clocking out FN. In theory there is the chance that you hit on a branch of states producing the right keystream, but being a totally different state, but I assume this chance is approximately zero. Cheers, M. (*) we don't really need or want to get to Kc, but we are merely looking for the A5/1 state after clocking Kc in _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
