Vin McLellan  wrote:
>A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and 
>developed as an export standard.

Yeah.  Except it would be more accurate to place A5/2's strength as
roughly equivalent to 17-bit DES.  A5/1's strength is roughly equivalent
to that of 40-bit DES.

Of course, the GSM folks didn't exactly do a great job of disclosing
these facts.  They did disclose that A5/2 was the exportable version.
However, when A5/2 was first designed, SAGE put out a report that claimed
years of security analysis on A5/2 had been done and no mathematical
weaknesses had been found.  Now that we've seen A5/2, that report suffers
from a certain credibility gap, to put it mildly...

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to