Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps.
A government agency would be interested in breaking GSM crypto when it wants to target a phone call which is going through a switch and local wires that are under the control of another nation, or perhaps where it does not wish to go through whatever process might be required to gain legitimate or warranted access to the call's content.
A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and developed as an export standard.
I always thought that the important fact about the GSM secure crypto protocol, A5/1, was that it was reportedly chosen and adapted for this function by the (never identified) members of the GSM SAGE committee of European experts, a multi-national group of industrial and government representatives.
I always presumed the SAGE group had a common interest in unwarranted access -- to (A5/1-secured) calls in Europe, as well as (A5/2) calls elsewhere -- which, for the various national security agencies involved, outweighed their individual interest in providing security to their respective citizenry.
As I recall, COMP128 came from German sources, and A5/1 was adapted from a French naval cipher.
Breaking GSM is only of useful if you have no access to the landline portion of the system.
That's right, of course.
Crypto aside, I was wondered if it might be somehow easier (legally, technically, procedurally) to attack the radio link of a roving GSM call -- even given the rapid pace of hand-off from one tower to another, as a mobile caller rapidly passes through several small microcell territories -- than would be to recover that call by tracking it through a large number of successive connections to the land-line telecom GSM switches. A friend was telling me that he switches from one microcell to another every couple hundred yards in some communities.
_Vin --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]