
[Translated, awaiting proofreading] [Creating A5/1 Rainbow Tables] New project uses distributed computing to break...

Posted on 2013-3-8 15:04:22
This post was last edited by arthur200000 on 2013-3-9 09:38

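The link is here
I searched for a long time and found an old news article......
Never mind, it should still be useful anyway.
For similar mentions, there is also a pile of results here.
Google keywords: Creating A5/1 Rainbow Tables Distributed Computing
@ledled @昂宿星团人 can you check whether there are garbled characters?
Update: I found a pile of garbled characters......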
New project uses distributed computing to break GSM crypto
by Steve Ragan - Aug 28 2009, 22:12



The Tech Herald talks with Karsten Nohl about Creating A5/1 Rainbow Tables.



Do you use a GSM phone? If so, then a new project recently launched by Karsten Nohl might interest you. That or it will completely freak you out. We spoke to Karsten to learn more about his project, which if successful, will allow anyone with some RF equipment, patience, and a $500 USD laptop, the ability to decode GSM-based conversations and data transmissions.



Nohl’s project targets the A5/1 vulnerability in GSM (Global System for Mobile communications). The A5/1 algorithm is one of the ciphers used on GSM networks. The purpose for A5/1 is to encrypt both voice and signaling data, and it is applied in both the handset and the Base Transceiver Station (BTS). The problem is that A5/1 is outdated and broken.

Update: The GSM Alliance has responded to the project in a statement. You can read about that aspect of the story here.

The security offered by A5/1 has been proven exploitable since 2000, but in 2008, The Hackers Choice set out to develop a more practical attack on the A5/1 vulnerability. Nohl’s project is a variation of the one started by The Hackers Choice, as it differs in the choice of hardware used to crack A5/1. Namely, his project uses graphics cards with GPU capability, and seeks to build a distributed infrastructure of nodes.

Each node will donate small portions of disk space, which will house part of the Rainbow Table that will be created and used to crack A5/1, and the fast GPUs will be used for the generation of, and lookup of, the node's own table. After the work is complete, the code book produced will be given out freely, and can be used to listen in on GSM-based phone conversations, capture SMS messages sent over the GSM network, or both at the same time.

Nohl told The Tech Herald in an interview that the project expects to have a working proof-of-concept attack on A5/1, “…by the end of the year.”

He estimates that the project will need 80 people dedicating their hardware and processing resources for about three months before the PoC is ready. However, with 160 people, the time can drop to about six weeks.

The project is anonymous, and the hope is that as users finish their part of the process, they will upload their completed tables to anonymous repositories and share them with BitTorrent. The process will be organic, Nohl explained, “…these tables will just pop up in random places.”

Since there is no hard usage data being kept, Nohl was unable to tell us how many people have downloaded the software needed, because the project doesn't keep those records by design. “We’re still confident that the initial estimate of involving 80 people for next three months can be held,” he said.

So the project is likely to be successful, but what about the risks? Wouldn’t this mean the criminals could get access to GSM networks and compromise subscriber privacy and security? Why would Nohl even consider this? As expected, there is nothing malicious whatsoever about his intentions.

“We thought that everyone that is using cell phones should be aware of the security risks,” Nohl explained to us. “Our most sincere and primary goal was to raise awareness about this problem.”

Adding to this he said that the project's aim is to raise awareness about the widespread use of GSM, and by proxy A5/1, which amounts for just over 80-percent of the mobile phone market, used in 200 countries the world over by almost 3 billion people, by starting a public debate over the present insecurity and how to make GSM more secure to a “…level where people are comfortable using cellular phones.”

What about the risks? Full Disclosure, which is exactly what he has done with the project's announcement, means that end users are being placed in the line of fire. Assuming the project is a rousing success, isn’t he worried that the criminals will take advantage of the proof-of-concept?

“Some criminals already have this ability,” he explained. He gave us an example of code books available now for about $100,000 to $250,000 USD. “If you’re in the business of industrial espionage, then a quarter of a million dollars doesn’t sound like too high of a price,” he added.

As for users who might or might not be at risk, “That is the cost of Full Disclosure,” Nohl said. Whenever there is Full Disclosure, the information disclosed will usually, “…put some users at risk, but make things better for everybody in the long run.”

We asked about AT&T, who currently holds the rights to the iPhone, and uses both GSM and UMTS, better known as 3G on their network. Can AT&T do anything to secure the millions of iPhone users?

“AT&T has the ability to switch the iPhone to 3G on voice and data,” Nohl explained, but only for the iPhone 3G handsets. As things stand now, the iPhone 3G uses A5/3 (3G) for data transmission and A5/1 (GSM or 2G) for voice.

The problem is that, before AT&T moves customers over to 3G to avoid the weakness in A5/1, they would need to admit that there is a problem on their 2G voice network, something Nohl notes is highly unlikely.

“The proposal has been around for a long time to include the 3G cipher in the 2G standard,” Nohl said. Yet, despite the proposal, nothing has changed.

“Hopefully the discussion over GSM’s current insecurity will prompt the debate of adopting the better 3G security for GSM,” he added.

So what’s next? The project is official, active, and likely to succeed. According to Nohl, the next step is the main reason the project was started to begin with, he hopes all of the attention will “…start a discussion on how to make GSM security better, as it hasn’t improved over the last 15 years.”

If you want to take part in the project, you’ll need the ability to compile or download and install pre-compiled binaries on Linux. There is no Windows version of the project code. (Yet..but it is coming soon Karsten said.) You can get more information here.



Rating: 昂宿星团人 gave +5 Wiki Puzzle points (reason: forgot to add points for posting the original text, meow)

Posted on 2013-3-8 20:38:12
Change the encoding: ISO8859-1

Posted on 2013-3-8 21:57:16
No problem on my phone; try what the poster above suggested, meow

Posted on 2013-3-31 17:18:43

Translation: New project uses distributed computing to break GSM encryption

This post was last edited by shmetrofans on 2013-5-19 19:38

New project uses distributed computing to break GSM crypto
New project uses distributed computing to break GSM encryption


by Steve Ragan - Aug 28 2009, 22:12
Author: Steve Ragan, August 28, 2009, 22:12

Original: http://www.thetechherald.com/articles/New-project-uses-distributed-computing-to-break-GSM-crypto

Image: http://www.thetechherald.com/media/images/201148/New-project-uses-distributed-computing-to-break-GSM-crypto-KarstenNohl2.jpg
The Tech Herald talks with Karsten Nohl about Creating A5/1 Rainbow Tables.
"The Tech Herald" talks with Karsten Nohl about creating A5/1 frequency tables.

Do you use a GSM phone? If so, then a new project recently launched by Karsten Nohl might interest you. That or it will completely freak you out. We spoke to Karsten to learn more about his project, which if successful, will allow anyone with some RF equipment, patience, and a $500 USD laptop, the ability to decode GSM-based conversations and data transmissions.
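Do you use a GSM phone? If so, a new project recently run by Karsten Nohl may interest you. Or it will completely scare you. We talked with Karsten to learn more about his project, which, if successful, will give anyone with some radio-frequency equipment, patience and a 500-dollar laptop the ability to decode GSM-based conversations and data transmissions.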

Nohl’s project targets the A5/1 vulnerability in GSM (Global System for Mobile communications). The A5/1 algorithm is one of the ciphers used on GSM networks. The purpose for A5/1 is to encrypt both voice and signaling data, and it is applied in both the handset and the Base Transceiver Station (BTS). The problem is that A5/1 is outdated and broken.
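Nohl's project targets the A5/1 vulnerability in GSM (Global System for Mobile Communications). The A5/1 algorithm is one of the ciphers used on GSM networks. The purpose of A5/1 is to encrypt voice and signaling data, and it is applied in the handset and the Base Transceiver Station (BTS). The problem is that A5/1 is outdated and no longer reliable.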

Update: The GSM Alliance has responded to the project in a statement. You can read about that aspect of the story here.
Update: The GSM Alliance has responded to the project in a statement. You can read the report on this aspect here.

The security offered by A5/1 has been proven exploitable since 2000, but in 2008, The Hackers Choice set out to develop a more practical attack on the A5/1 vulnerability. Nohl’s project is a variation of the one started by The Hackers Choice, as it differs in the choice of hardware used to crack A5/1. Namely, his project uses graphics cards with GPU capability, and seeks to build a distributed infrastructure of nodes.
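Since 2000, the security provided by A5/1 has been proven crackable, but in 2008 "The Hackers Choice" was founded in order to develop a more practical attack on the A5/1 vulnerability. Nohl's project is a variant of the one set up by "The Hackers Choice"; it differs in the choice of hardware made for cracking A5/1. In other words, his project uses graphics cards with GPU capability and aims to build a distributed infrastructure of nodes.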

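Each node will donate small portions of disk space, which will house part of the Rainbow Table that will be created and used to crack A5/1, and the fast GPUs will be used for the generation of, and lookup of, the node's own table. After the work is complete, the code book produced will be given out freely, and can be used to listen in on GSM-based phone conversations, capture SMS messages sent over the GSM network, or both at the same time.
Each node will donate a small part of its disk space, which will store the frequency table created for cracking A5/1, and fast GPUs will be used to generate and look up each node's own frequency table. After the work is complete, the code book produced will be shared freely, and can be used to eavesdrop on conversations on GSM-based phones, capture SMS messages sent over the GSM network, or both at the same time.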

Nohl told The Tech Herald in an interview that the project expects to have a working proof-of-concept attack on A5/1, “…by the end of the year.”
Nohl told "The Tech Herald" in an interview that the project is expected to run a working proof-of-concept attack on A5/1, "until the end of the year."

He estimates that the project will need 80 people dedicating their hardware and processing resources for about three months before the PoC is ready. However, with 160 people, the time can drop to about six weeks.
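He estimates that the project needs 80 people to contribute their hardware and processing resources for about three months before the PoC is ready. However, with the effort of 160 people, the time can be shortened to about six weeks.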

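The project is anonymous, and the hope is that as users finish their part of the process, they will upload their completed tables to anonymous repositories and share them with BitTorrent. The process will be organic, Nohl explained, “…these tables will just pop up in random places.”
The project is anonymous, and the hope is that when users finish their part of the process, they will upload their completed frequency tables to anonymous repositories and share the tables with BitTorrent. The process will be natural, Nohl explained, "these tables will just pop up in random places."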

Since there is no hard usage data being kept, Nohl was unable to tell us how many people have downloaded the software needed, because the project doesn't keep those records by design. “We’re still confident that the initial estimate of involving 80 people for next three months can be held,” he said.
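Since there is no hardware usage data being kept, Nohl could not tell us how many people have downloaded the required software, because by design the project does not keep these records. "We are still confident, because the initial estimate of involving 80 people for the following three months can be carried out," he said.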

So the project is likely to be successful, but what about the risks? Wouldn’t this mean the criminals could get access to GSM networks and compromise subscriber privacy and security? Why would Nohl even consider this? As expected, there is nothing malicious whatsoever about his intentions.
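So the project may be successful, but what about the risks? Doesn't this mean criminals could gain access to GSM networks and compromise subscribers' privacy and security? Why would Nohl even consider this? Sure enough, there is nothing malicious about his intentions.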

“We thought that everyone that is using cell phones should be aware of the security risks,” Nohl explained to us. “Our most sincere and primary goal was to raise awareness about this problem.”
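Adding to this he said that the project's aim is to raise awareness about the widespread use of GSM, and by proxy A5/1, which amounts for just over 80-percent of the mobile phone market, used in 200 countries the world over by almost 3 billion people, by starting a public debate over the present insecurity and how to make GSM more secure to a “…level where people are comfortable using cellular phones.”
"We think everyone who uses a mobile phone should be aware of the security risks," Nohl explained to us. "Our most sincere and primary goal is to raise awareness of this problem." He added that the project's goal is to raise awareness of the widespread use of GSM, and by proxy A5/1, which amounts to just over 80% of the mobile phone market and is used in 200 countries worldwide by nearly 3 billion people, by starting a public discussion about the present insecurity and about how to make GSM more secure, to "a level where people can comfortably use mobile phones."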

What about the risks? Full Disclosure, which is exactly what he has done with the project's announcement, means that end users are being placed in the line of fire. Assuming the project is a rousing success, isn’t he worried that the criminals will take advantage of the proof-of-concept?
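What about the risks? "Full Disclosure", which is exactly what he did with the project announcement, means that end users are placed in the line of fire. Assuming the project is a huge success, isn't he worried that criminals will exploit the proof of concept?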

“Some criminals already have this ability,” he explained. He gave us an example of code books available now for about $100,000 to $250,000 USD. “If you’re in the business of industrial espionage, then a quarter of a million dollars doesn’t sound like too high of a price,” he added.
"Some criminals already have this ability," he explained. He gave an example of code books that are available now for 100,000 to 250,000 US dollars. "If you are in the business of industrial espionage, then a quarter of a million dollars does not sound like a high price," he added.

As for users who might or might not be at risk, “That is the cost of Full Disclosure,” Nohl said. Whenever there is Full Disclosure, the information disclosed will usually, “…put some users at risk, but make things better for everybody in the long run.”
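As for users who may or may not be at risk, "That is the cost of 'Full Disclosure'," Nohl said. Whenever there is "Full Disclosure", the information disclosed will usually "put some users at risk, but in the long run make things better for everyone."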

We asked about AT&T, who currently holds the rights to the iPhone, and uses both GSM and UMTS, better known as 3G on their network. Can AT&T do anything to secure the millions of iPhone users?
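We asked about AT&T, the company that currently holds the rights to the iPhone and uses both GSM and UMTS, better known as 3G, on its network. Can AT&T do everything possible to protect the millions of iPhone users (from harm)?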

“AT&T has the ability to switch the iPhone to 3G on voice and data,” Nohl explained, but only for the iPhone 3G handsets. As things stand now, the iPhone 3G uses A5/3 (3G) for data transmission and A5/1 (GSM or 2G) for voice.
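"AT&T has the ability to switch the iPhone's voice and data to 3G," Nohl explained, but this applies only to iPhone 3G handsets. As things stand, the iPhone 3G uses A5/3 (3G) for data transmission and A5/1 (GSM or 2G) for voice transmission.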

The problem is that, before AT&T moves customers over to 3G to avoid the weakness in A5/1, they would need to admit that there is a problem on their 2G voice network, something Nohl notes is highly unlikely.
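The problem is that, before AT&T moves customers to 3G to avoid the weakness in A5/1, they would need to admit that there is a problem in their 2G network, which Nohl notes is highly unlikely.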

“The proposal has been around for a long time to include the 3G cipher in the 2G standard,” Nohl said. Yet, despite the proposal, nothing has changed.
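"The proposal to include the 3G cipher in the 2G standard has been around for a long time," Nohl said. However, despite the proposal, nothing has changed.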

“Hopefully the discussion over GSM’s current insecurity will prompt the debate of adopting the better 3G security for GSM,” he added.
"Hopefully the discussion of GSM's current insecurity will prompt a discussion of adopting the better 3G security for GSM," he added.

So what’s next? The project is official, active, and likely to succeed. According to Nohl, the next step is the main reason the project was started to begin with, he hopes all of the attention will “…start a discussion on how to make GSM security better, as it hasn’t improved over the last 15 years.”
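So what is next? The project is official and active, and may well succeed. According to Nohl, the next step is the main reason the project was started: he hopes all the attention will "start a discussion on how to make GSM security better; as it stands, GSM security has not improved in the past 15 years."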

If you want to take part in the project, you’ll need the ability to compile or download and install pre-compiled binaries on Linux. There is no Windows version of the project code. (Yet..but it is coming soon Karsten said.) You can get more information here.
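If you want to take part in the project, you will need the ability to compile, or download and install, pre-compiled executables on Linux. There is no Windows version of the project code. (That is indeed the case... but this version is coming soon, Karsten said.) You can get more information here.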

Rating: 昂宿星团人 gave +20 Wiki Puzzle points (reason: thanks for the hard work translating, meow~)

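OP | Posted on 2013-4-28 07:53:23 from mobile
shmetrofans posted on 2013-3-31 17:18:43
This post was last edited by shmetrofans on 2013-3-31 17:22

Do you use a GSM phone? If so, a new project recently run by Karsten Nohl may interest you. ...

It might be better to translate "binaries" as 可执行文件 (executable files) rather than 二进制文件 (binary files).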

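OP | Posted on 2013-5-10 21:07:11
This post was last edited by arthur200000 on 2013-5-15 10:45
If successful, will allow anyone bring some RF equipment, patience, and a 500-dollar laptop, the decoding ability of GSM-based exchanges and data transmission.
will allow anyone with some RF equipment, patience, and a $500 USD laptop, the ability to decode GSM-based conversations and data transmissions.

If successful, it will give anyone who has RF equipment, enough patience and a laptop worth 500 USD the ability to decode GSM communications/data transmissions.
Nohl's project points at the A5/1 vulnerability in GSM (Global System for Mobile communications).

Nohl's project takes aim at the ... vulnerability in GSM
The problem is that A5/1 is outdated and damaged.

The problem is that A5/1 is outdated and no longer reliable. (Personally I think "broken" can be read as "cracked".)
Update: The GSM Alliance in a statement has responded to project. You can read the story about this aspect here.

Update: The GSM Alliance has responded to this project in a statement. You can read the report about this aspect here (no link, no shame).
Each node will donate a small portion of disk space, this will the building's part will create for cracking A5/1, the fast GPU (graphics processing unit) will be used for generating era queries, the node's own table.
As the board rules say: oh, and also be careful with machine translation, the proofreaders will flip the table..

Flips the table!!!!!!!!! This is true machine translation!!!!!!!!!!!!!
Each node will donate a small portion of disk space, which will store the frequency table created for cracking A5/1, and the fast GPU (graphics processing unit) will be used to generate and look up the node's own frequency table.
After the work is complete, will produced code book more relaxed, and can be used to listen on GSM-based phone conversations, capture SMS messages sent over the GSM network, or both at the same time.

Enough! Even machine translation is not done like this! Fix the word order!!!!
After the work is complete, the code book produced will be shared freely, and can be used to monitor GSM-based phone conversations, capture short messages sent over the GSM network, or both at the same time.

Will keep roasting when I have time, 233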

Rating: 昂宿星团人 gave +1 base point and +18 Wiki Puzzle points (reason: fun roasting +1)
