LinuxVillage
Discussion started by: ka9yhd on 21 July 2013 at 21:31:43
-
"Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns"
http://news.cnet.com/8301-1009_3-57594754-83/sim-card-flaw-said-to-allow-hijacking-of-millions-of-phones/
-
Interesting parts:
> The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day.
> Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card.
Now, guess who is responsible for the 56-bit encryption in DES (Digital Encryption Standard (https://en.wikipedia.org/wiki/Data_Encryption_Standard))?
(pause)
Tada... NSA!!
> A more contentious issue was the key size of DES. Authors like Richard J. Aldrich (GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency) would claim the key size was reduced to 56 bits because the NSA persuaded IBM to – a key size apparently the NSA and nobody else could crack at the time. Remember, the NSA’s design criteria was a cryptosystem suitable for unclassified data, not something that’s resistant to all threats.
https://xerocrypt.wordpress.com/2013/03/17/data-encryption-standard-the-serious-bit/