Re: TETRA encryption

From: David Wagner (
Date: 05/07/03

Date: Wed, 7 May 2003 16:22:48 +0000 (UTC)

David Garnier wrote:
>A5 hasn't been broken.

Can you explain the source of your confidence?

There are known-plaintext attacks on A5/1, though no one
(to my knowledge) has tried to work out whether the required
known plaintext is or isn't available in practice.
  Alex Biryukov, Adi Shamir, and David Wagner,
  "Real Time Cryptanalysis of A5/1 on a PC", FSE 2000.
A5/2 is much weaker. It's deader than a doornail, IMHO.

False base station attacks are maybe the most likely risk
in practice. There are man-in-the-middle attacks that can
be used to eavesdrop on GSM phones without breaking any of the

I agree with Paul Rubin. It seems likely that a hobbyist
with significant time, patience, technical knowledge, and
a digital receiver could intercept GSM calls.