[2628] in cryptography@c2.net mail archive
Re: TIME Magazine on GSM cell phone crack
daemon@ATHENA.MIT.EDU (Harald Hanche-Olsen)
Mon May 4 11:22:23 1998
To: cryptography@c2.net
In-Reply-To: Your message of "2 May 1998 20:48:25 GMT"
<6ig0qp$nds$1@abraham.cs.berkeley.edu>
Date: Sun, 03 May 1998 14:31:35 +0200
From: Harald Hanche-Olsen <hanche@math.ntnu.no>
- iang@cs.berkeley.edu (Ian Goldberg):
| In article <19980430111709D.hanche@math.ntnu.no>,
| Harald Hanche-Olsen <hanche@math.ntnu.no> wrote:
| >Presumably, only getting 32 bits of the COMP128 output per round
| >must increase the difficulty of the cracking attempt, thereby
| >requiring more challenge-response pairs to make up for this.
|
| Nope. In fact, we took this into account when designing the attack.
| It is extremely rare that the first 32 bits of the COMP128 output of
| two different inputs will match, but the whole output will not.
I see. Are you telling me that the attack does not look at the
individual bits of the output, but only detects overall collisions?
In that case, you definitely have a point there.
Otherwise, you may still have a point, but I don't get it.
- Harald
