Ok, I guess now it’s really time to start worrying about the privacy of our cellphone conversations.
Only a few weeks after the report that the 20 year old 64-bit A5/1 GSM encryption was cracked (which I really didn’t care about because almost all telecoms either retired it or were in the process of doing so), the geniuses at Israel’s Weizmann Institute of Science went ahead and cracked the KASUMI system — a 128-bit A5/3 algorithm implemented across 3G networks — in less than two hours. Now 2 hours may seem a long time to you but for a proof-of-concept with an unoptimized implementation that ran on a single PC we can only assume that it won’t be that long before all the secrets we spill on our phones can be decrypted on-the-fly. The publishers also condemn the presumably red-facedÂ GSM Association for moving from MISTY — a more computationally-expensive but much stronger predecessor algorithm — to KASUMI.
I will use Skype the next time I need to discuss highly sensitive matters, as far as I know, that encryption hasn’t been cracked yet.