[Cryptography] on brute forcing 3DES to attack SIMs

Peter Trei petertrei at gmail.com
Sat Jan 3 11:45:15 EST 2015

[Full disclosure: I persuaded RSA to set up the Symmetric Key Contests back
in the
90s, which broke single DES. I contributed one of the early brute force
tools, and
set up the format of the contests, and verified solutions].

I was quite boggled to see this claim. Digging through to the original
article, it looks
like they have a system to crack single DES - which is totally plausible -
Deep Crack could do that in 1998.

However, the longest key that I know to have been publicly brute forced was
RC5 with a 64 bit key, by distributed.net back in 2007(8?). d.net is
working on a
72 bit key, but have barely made headway. 112 and 168 bit keys (2 and 3 key
3DES) remain computationally infeasible to brute force.

The claim vs 3DES is couched in terms of a 'partially known key', without
much more
info, so I can't really evaluate it.

They also point out they can circumvent A5/1 encryption, which is a bit
since the A5 suite of stream ciphers was pretty well broken over a decade
ago, by
Barkan, etal.

The exposure of poorly protected SIM cards is a Good Thing, since it may
prod the manufacturers to up their game. But some of the claims seem more
then a little inflated.

Peter Trei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150103/b5d21046/attachment.html>

More information about the cryptography mailing list