[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]

    Search the Q&A Archives

...get the A5/A8, Comp128-1 Comp128-2 ...

<< Back to: alt.technology.smartcards FAQ

Question by AFelix
Submitted on 4/26/2004
Related FAQ: alt.technology.smartcards FAQ
Rating: Rate this question: Vote
Where can i get the A5/A8,
  Comp128-1
  Comp128-2
  Comp128-3
Specifications and algorithm design?


Answer by Paulo
Submitted on 5/3/2004
Rating:  Rate this answer: Vote
A3A8 produces the 64 bit cipher key for A5. Many operators chose to use
only 54 bit cipher keys,
leaving the 10 rightmost bits zero.  This is an operator/implementation
choice, not a protocol issue.
In any case it does not affect the strength of the authentication, but
the strength of the ciphering
with A5. The A3A8 key is 128 bits, which is today strong enough if you
can rely on the strength
of the A3A8 algorithm.

COMP128-2 is a significant improvement on the weaker original
COMP128-1. It is at least not
vulnerable for the collision attacks that work for the original
COMP128-1. It is true though that
COMP128-2 is a secret algorithm and as not been subjected to public
scrutiny.

As COMP128-2 has not been released publically, we really don't know what
it is or is not vulnerable to.

I believe COMP128-3 is also available to carriers, but not published.

In addition Siemens has suggested a new A3/A8 algorithm based on
Milenage - which will be published for review.

However, this new algorithm may only be implemented in 3GPP networks.

http://lists.virus.org/gsmsecurity-0305/msg00012.html

Try 3gpp.org or the etsi site

 

Your answer will be published for anyone to see and rate.  Your answer will not be displayed immediately.  If you'd like to get expert points and benefit from positive ratings, please create a new account or login into an existing account below.


Your name or nickname:
If you'd like to create a new account or access your existing account, put in your password here:
Your answer:

FAQS.ORG reserves the right to edit your answer as to improve its clarity.  By submitting your answer you authorize FAQS.ORG to publish your answer on the WWW without any restrictions. You agree to hold harmless and indemnify FAQS.ORG against any claims, costs, or damages resulting from publishing your answer.

 

FAQS.ORG makes no guarantees as to the accuracy of the posts. Each post is the personal opinion of the poster. These posts are not intended to substitute for medical, tax, legal, investment, accounting, or other professional advice. FAQS.ORG does not endorse any opinion or any product or service mentioned mentioned in these posts.

 

<< Back to: alt.technology.smartcards FAQ

[ Home  |  FAQ-Related Q&As  |  General Q&As  |  Answered Questions ]
© 2008 FAQS.ORG. All rights reserved.