[Cryptography] on brute forcing 3DES to attack SIMs
D. Hugh Redelmeier
hugh at mimosa.com
Thu Jan 1 17:27:09 EST 2015
| From: ianG <iang at iang.org>
| http://threatpost.com/majority-of-4g-usb-modems-sim-cards-exploitable/110139
|
| “To brute-force DES keys, we use a set of field-programmable gate arrays
| (FPGA),
...
| It is enough to obtain the key within 3 days.”
|
| That was their fastest brute-force. If they had a partially known 3DES key,
| they could break it in 10 days.
Since 3DES takes 3 DES operations, that suggests that their brute
forcing of 3DES-with-partially-known-keys takes the same number of
trials as brute forcing of DES.
Apparently 3DES can be used with three keying options: use one, two,
or three 56-bit+parity keys. I've only used it with three 56-bit keys.
When used reasonably, it is a LOT harder to brute force than 3DES. (I
don't see how using one 56-bit key for 3DES is reasonable.)
So I think that either:
- their partial knowledge of the 3DES key is quite significant (56 or
112 bits?) OR
- the 3DES is using only one 56-bit key.
PS: I know that there are meet-in-the-middle attacks on 3DES but that
isn't going to apply on the same hardware that was used to attack DES.
More information about the cryptography
mailing list