[tptacek]

In fairness, or whatever, the problem with A5/1 isn't simply that it's got a 64-bit key, but that it's a uniquely bad stream cipher prone to linear equation-style attacks and precomputation. Nate, Colin, or Bruce may smack me down for saying this, but I don't think you can apply the same attacks to, say, RC5.

For roughly a decade, pretty much anyone who attended more than one local 2600 meeting got the tech demo on snooping cell phone calls --- they were analog. Everything old is new again. It's nice that encrypted digital calls were so successful that the loss of their security is major news.

[jrockway]

Yeah, you are right. The impression that I got from the NYT article was that this was "given a trace and a bunch of computers, you can get the voice data... maybe, eventually", but the impression that I get from the talk is that it is actually realtime. That requires weaknesses in the crypto that are embarrassing for anything 1980s or 1990s vintage. I don't think this attack would be feasible if they used DES instead. (I will defer to you or cperciva for that one, however :)

[siculars]

what i got from the 3c talk is that the data stream is on the order of 80MB/s (tx/rx, because they need to record the entire spectrum due to frequency modulation) and that currently they have not found a way, it seems due to lack of fpga programming skillz, to decode in real time. it seems like they are recording and then decoding some time later via their 2TB lookup table. Even with the 64bit keyspace the lookup table is 2TB because its a rainbow lookup which means that only certain values at certain intervals are stored.