Last week the Chaos Computer Club announced it had cracked GSM, but by Friday the GSMA was saying the attack was completely impractical - so should you be worried? The attack proposed by the CCC is based on a Rainbow table: an enormous list of known results to which an encoded message can be compared to look up the key, rather than break the encryption. This approach was swiftly rubbished by the GSMA as needing 2TB of data and thus being impractical, but, as ever, things aren't quite that simple. GSM's security is based on several algorithms, but the focus here is on the encryption used to secure calls against interception rather than identification or authorisation which, for the moment, remain secure. In GSM parlance the encryption of the call is known as A5, with the encryption options being numbered from zero to three: A5/0 being no encryption at all, A5/1 proper encryption, A5/2 weakened encryption for export to dodgy countries and A5/3 the new standard that's supposed to be part of 3G but isn't really.
