Cryptanalysis of A5/1: nothing is safe

There have been a lot of articles about the new attack against the GSM cell phone encryption algorithm, A5/1. In some ways, this isn’t real news; we’ve seen A5/1 cryptanalysis papers as far back as ten years ago.

What’s new about this attack is: 1) it’s completely passive, 2) its total hardware cost is around $1,000, and 3) the total time to break the key is about 30 minutes. That’s impressive.

The cryptanalysis of A5/1 demonstrates an important cryptographic maxim: attacks always get better; they never get worse. This is why we tend to abandon algorithms at the first sign of weakness; we know that with time, the weaknesses will be exploited more effectively to yield better and faster attacks.