Vin McLellan wrote: >A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and >developed as an export standard.

Yeah. Except it would be more accurate to place A5/2's strength as roughly equivalent to 17-bit DES. A5/1's strength is roughly equivalent to that of 40-bit DES. Of course, the GSM folks didn't exactly do a great job of disclosing these facts. They did disclose that A5/2 was the exportable version. However, when A5/2 was first designed, SAGE put out a report that claimed years of security analysis on A5/2 had been done and no mathematical weaknesses had been found. Now that we've seen A5/2, that report suffers from a certain credibility gap, to put it mildly... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]