Cracking the GPS Galileo Satellite

Glyn writes "Newswise is reporting the the encryption in the Galileo GPS signal has been broken. The pseudo random number generator used to obscure the information stored in the Galileo GPS signal has been broken. From the article: 'Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.'"

Galileo != GPS

[matt4077]

Galileo is the European System, GPS is the American. "GPS" is kind of generic, so I guess it's going to be the name for the whole category, but I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

Re:Galileo != GPS

[Anonymous Coward]

> I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

There is: the "American GPS" is named NAVSTAR according to this site [kowoma.de]

Well, don't forget the third "GPS"

[Tavor]

Not many people remember it, but there was a third competing system for Global Positioning.
GLObal NAvigation Satellite System [wikipedia.org]
Started by the Soviets, cont. by the Russian Federation, and now with India on board,it is expected to be fully operational again in 2008. (Like all things expected to be complete in 1991, the money situation made them push it back further than Vista.)

Re:Galileo != GPS

[Tugrik]

If you want to get technical, the "American" system is called NAVSTAR GPS, which stands for NAVigation Signal Timing And Ranging Global Positioning System.

Re:Galileo != GPS

[Professor_UNIX]

I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

To paraphrase Michael Bolton, "Why doesn't he change his name, he's the one that sucks!"

Re:Galileo != GPS

[l3v1]

Ok, it has a name "NAVSTAR", so there you go.

Re:Galileo != GPS

[GreyPoopon]

Only americans can think nobody else can make a GPS so they don't even bother to give theirs a name.

I really hope you didn't intend this as an insult to Americans. As stated elsewhere, the American GPS is named NAVSTAR. Almost nobody uses the full name because for years and years the NAVSTAR GPS was the only one in existence. It isn't arrogance on the part of Americans as your statement seems imply; it's simply because for a long time the shorter term GPS was not ambiguous.

Re:Galileo != GPS

[HuguesT]

Actually NAVSTAR is not the only one available. The Russians also have a satellite navigation system called GLONASS [wikipedia.org]. GLONASS is purely military, AFAIK, but has been in operation since the 80s.

Re:Galileo != GPS

[DrSkwid]

Soccer is a contraction of Association Football, as opposed to Rugby Football. (soccer & rugger)

Use of the term "soccer" (as opposed to competing terms "socca" & "socker") dates from around 1890. The Princeton rules of American Football were formulated in 1867, the same year the American Football was patented.

Encryption

[Anonymous Coward]

AFAIK the PRNs are not really encryption keys. They're merely a technical detail that can be kept secret. GPS and Galileo are spread spectrum applications and the PRNs define the way the signal is spread. If you don't know the spreading function, you can't tell the (unencrypted) signal from the noise. It's really security by obscurity.

Re:Encryption

[Nutria]

If you don't know the spreading function, you can't tell the (unencrypted) signal from the noise. It's really security by obscurity.

Apparently not obscure enough...

Re:Encryption

[m874t232]

Spread spectrum using pseudo-random sequences is an encryption method, and an effective one, if the pesudo-random number generator is well chosen.

Whether it was intended to be used as such as part of Galileo is another question.

Re:Encryption

[timeOday]

AFAIK the PRNs are not really encryption keys. They're merely a technical detail that can be kept secret.

What is a PRNG if not a hash function? You hash each number in the sequence to get the next number. Since you don't want just anybody who knows the hash algorithm to be able to predict your sequence, you generate a longer than necessary number and only reveal part of it, keeping some of the bits secret. If Galileo was cracked, somebody must have figured out the secret bits as well as the function.

Re:Encryption

[Detritus]

High-security spread-spectrum systems do use cryptographically secure spreading codes. Unlike the spreading codes used in less secure systems, they don't repeat and you need an accurate time reference to synchronize the PN code generator in the receiver with the PN code generator in the transmitter.

Re:Encryption

[WindBourne]

AFAIK the PRNs are not really encryption keys.

You must be wrong. It says so in the paper.

Re:Encryption

[cptgrudge]

The paper is wrong. It says so on Slashdot.

Re:Encryption

[FireFury03]

It's really security by obscurity.

It's not really intended to be security anyway - everyone knows the normal NAVSTAR, WAAS and EGNOS PRNs (you have to in order to use the services) - the PRNs are used to differentiate between individual satellites, which all transmit on the same frequencies. I guess they just decided not to publish the Galileo PRNs until they'd got further into the project.

Re:Encryption

[turbidostato]

"spread spectrum [...] It's really security by obscurity."

No, it isn't.

A "security by obscurity" device is one that you can't tell how is it built and still use it as a "security device".

For instance "rot 13" is a "security by obscurity" device. Once you tell a cypher is made out "rotting13" a clear token, you are gone.

On the other hand, "Caesar's cypher" is not a "security by obscurity" device. Caesar's cypher, you know, is the general procedure which rot 13 is an special case. You can tell "this is cyp

Offtopic but....

[rolfwind]

Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki.

Sigh, how did READING the bits on your own CDs/DVDs ever become illegal? Freedom of speech implies a freedom to read what you want. (Yes, I understand the DMCA, but I'm still in shock - I always considered laws making it illegal to read "signals", etcetera "not intended for you" very British but very unAmerican. And I say British because I'm getting those quotes from British laws circa WW2 and probably before.)

Props to Cornell.

Re:Offtopic but....

[jacksonj04]

It's not the reading signals bit that's the illegal one. It's knowingly intercepting signals that you know aren't intended for you. Alternatively, accidentally intercepting signals and then telling somebody else.

Re:Offtopic but....

[Zemran]

very British but very unAmerican.

Strange that it is America that is forcing Britain to accept these laws ... In legal terms Britain always had the concept of State Secrets just the same as the US but it is the US that has re-introduced the era of the guilds, trade secrets like that went out in the middle ages in Britain.

Re:Offtopic but....

[xyvimur]

Thanks to US great politicians, their poor understanding of the IT world, and great lobbying of groups of interest.
There is a really good article about DMCA in the current release of IEEE Spectrum, pointing out all the bad things that it introduced (no hardware DVD copiers, no digital VCRs capable of skipping ads, etc.)

As opposed to the psycho US country

[themusicgod1]

Where they just ban rave music, send swat teams to raves, try to ban all forms of live electronic music(including rock and roll) in florida, assault marching bands, consider heavy metal (along with most punk and industrial music) as 'satan worshiping' music fit for blacklisting, keep european musicians from being able to enter the country, and choosing the wrong media to listen to music through as a music fan can get you sued into the gutter. You are left with music in america, it's true, and you can say '

much ado about nothing

[tonigonenstein]

The article is inacurate and makes a big deal about nothing (BTW did you notice it was written by a guy from Cornell ?) First, Galileo is not ready yet. The article claim they plan to charge for the keys. This is plain wrong, the base precision signal (which is the one we are talking about) will be available free of charge. The system is simply in testing phase right now and they don't want anyone playing with it, that's all. Second, this PRN sequence is not supposed to be difficult to crack at all, since it will actually be made public in time. This is in no way an achievement. It is was the high precision signal, this would be another matter.

Re:much ado about nothing

[Barnoid]

That's ridiculous. They put a satellite up in orbit to broadcast this information to the whole globe. What do they have to lose by letting people use it? It's not like somebody could break their service just by listening to it.

You're right, it can't be broken. Maybe they don't want to get sued during the test phase by some guy who drove his car in a trench because he was feeding his navigator with the Galileo signal.

Two Interesting Points

[FrankDrebin]

1. The Cornell team anaylzed signals from a demonstration satellite that by itself is not useful for navigation, and according to the documentation transmits the same power-envelope, but not the same PRN's, as the operational system.
2. According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.

Re:Two Interesting Points

[NoSuchGuy]

2. According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.

There is no navigation data in the signal. Its a time signal/timestamp that gets transmitted.

The "logic" of your navigation system is inside the "box" in your car/ship/.. The box calculates the position depending on the timesignal.
If your system can't read the time signal you can not calculate your position.

If the time signal is encrypted it may become a DMCA matter in US. Would be nice t

Re:Two Interesting Points

[schon]

Its a time signal/timestamp that gets transmitted [...] If the time signal is encrypted it may become a DMCA matter in US.

Umm, so you're claiming that a timestamp can be copyrighted?

Re:Two Interesting Points

[Alsee]

By the way, I claim the copyright on his date of birth.

I don't happen to know what it is at the moment, but I must be given the copyright on it anyway because as we all know Property Rights Must Be Protected.

-

Re:Two Interesting Points

[FireFury03]

navigation data is not, and cannot be, copyrighted.

I think the cartographers would beg to differ on this count.

Re:Two Interesting Points

[Pofy]

>I think the cartographers would beg to differ on this count.

Not at all. It is not the geographically data itself that they get copyright on (or no one else could maka map of an area were you have copyright on your map). It is your expresion of that data into your specific map that you get copyright on. Anyone is free to make their own map (or whatever) based on the information on someone else map. They can't copy that specific map with its layouts and so on.

Deep pocket

[Lead Butthead]

According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.

It's not important that a suit has merit, it's only important that the defendant runs out of money before the plantiff.

Get your filthy American hands off our data!

[Anonymous Coward]

If a European tried doing something like this with a US GPS satellite, they'd get arrested for being a terrorist long before they had chance to write a paper on it.

Re:Get your filthy American hands off our data!

[McSnarf]

Errr. Wrong.

They'd possibly get a medal in the east, loads of cash from certain people in the west.

Nope

[Bill, Shooter of Bul]

I realise that its dangerous replying to trolls, but everyone who really wants to has already cracked the US GPS high precision code. I don't know how much of a secreat that is, but I've been told by people who know that its been done. The government is aware, but I think they still retain the posibility of switching it if they need to and having all of the military GPS work without modification. No, the US doesn't like the Euro Gallileo, because as far as we know, they lack the ability to block, or change

Re:Nope

[FireFury03]

No, the US doesn't like the Euro Gallileo, because as far as we know, they lack the ability to block, or change the signal.

This is not true (anymore). ISTR the sequence of events went something like:

1. EU announced Gallileo
2. US started complaining that they didn't see why the EU wanted to do this since there was an already perfectly good GPS system in operation.
3. EU pointed out that NAVSTAR is under the control of the US millitary and they didn't trust the US not to turn it off or "adjust" it
4. US said that this wou

Re:Nope

[FireFury03]

I would venture to say that disabling GPS, at this point, would cause more economic damage in the short term than a medium-sized war.

I dare say that turning off or seriously degrading GPS would cause a few deaths too. That said, it wouldn't be the first stupid thing governments and millitaries have done. I would much prefer to get my positining data from a variety of sources, not just a single millitary system, that way no one organisation could decide to pull the plug. Also, ESA aren't millitary, so usi

Re:Get your filthy American hands off our data!

[Shads]

> Exactly what I was thinking about. Let's admit it, US people is ready to fight
> for their own freedom just as much as they're ready to deny anybody else's, if
> needed. Shame on your country, a day will come when all this sick laws will
> screw you up for real internationally.

Don't confuse the "US People" with the "US Government". Less than half of the US voted becuase they're so disillusioned with all comers. Our sick laws screw us up at home everyday, why should we worry about it screwing us

Re:Get your filthy American hands off our data!

[Greyfox]

Being disillusioned with all comers is no excuse. If we all showed up and either voted either NOTA or against the incumbent in every single election, the system would actually start to change. I make it a point to show up and vote for independent parties at the local levels, against odious candidates and against incumbents (In that order) in Federal elections. Don't say your vote won't make a difference either -- I'm pretty sure we wouldn't be in Iraq right now if a few dozen grannies in Florida could have

What about firmware upgrade ?

[i-neo]

Cornell demonstration is pretty useless.

First Galileo is only in testing phase, therefore nothing tells you the signal encryption they are using is the definitive one. I would rather think they are testing and they don't care if someone is getting it.

Second have you ever heard of firmware upgrade ? I guess encryption will be updated when the satelites will be in production, and there will not be any problem since it is not being used in any device yet.

Thank you Cornell people for this useless article. Another Cornell box ?

NATTFA

[jefu]

(Not According To The FA)

The article says that the Cornell GPS group tried to get the information but failed, as did several other groups - so :

they don't care if someone is getting it.

does not seem to apply. Furthermore, there are other parts of the article that hint that the signal encryption used is indeed the definitive one.

Now, as to the satellite/receiver firmware being updated - that is certainly always a possibility and nothing in the article contraindicates that.

Amateur Galileo receiver?

[Goonie]

If I read this, and the GPS [wikipedia.org] article in the Wikipedia, it would now be possible to build a Galileo system out of off-the-shelf parts and some moderately clever software. Is this the case, or is there something I'm missing?

Re:Amateur Galileo receiver?

[The Cornishman]

> is there something I'm missing?
Yep. There's only the one satellite, (a demo and a placeholder, a bit like Vista beta :) so a lot of the time it's not going to be above the horizon on your part of the rock. Yeah, a lot like Vista beta, come to think of it.

Re:Amateur Galileo receiver?

[HuguesT]

Yes, you are missing the fact that there is only one Galileo satellite in orbit right now, and this one doesn't include all the technology that will make Galileo an interesting system, namely the high-precision onboard atomic clock. In all generality you need timings from at least 4 different satellites visible from everywhere to be able to locate a point in 3D. This means about 12 at a base minimum must be in orbit for the system to be useful. The final system will have 30.

The current sole Galileo system in orbit is a test system. The final systems will be significantly different.

 

How about the US GPS encrypted channels?

[KDN]

The US GPS system also has two encrypted channels, P1 and P2, which use undocumented PRN generators (or at least I've never found them). Has anyone ever cracked them? The CA signal is what the civilian systems use.

Re:How about the US GPS encrypted channels?

[steve_l]

I think the US encryption system changes on a regular (monthly?) basis; you need new keys in your receiver. So even if you manage to pick up an military GPS rx on ebay or somewhere else, you wont get the military fix.

which is a pity -apparently it works better under tree cover than civilian GPS.

Re:How about the US GPS encrypted channels?

[Jacco de Leeuw]

Well, the Cornell lawyers say that it is "fair game" to crack the US GPS PRNG. (Although they probably forgot to mention that after you crack the PRNG, you will be fair game for the US military...)

Re:How about the US GPS encrypted channels?

[Vreejack]

NAVSTAR encryption serves two purposes, reduction of precision for outsiders and anti-jamming. Bill Clinton removed the precision constraints, but the anti-spoofing/jamming codes are changed very often.

Two caveats: the anti-jam/spoof feature can improve reception in areas of high interference caused by physical geometry (reflective surfaces, for example), and the US gov. can always cripple precision in local areas if it wishes (e.g., Baghdad).

Re:How about the US GPS encrypted channels?

[richie2000]

That was LAST week's PRN. Keep up, willya?

Isnt That Illegal?

[omegashenron]

Given that these codes are in place to sell premium products to consumers and recoup the investment made with putting the satellites in orbit - how is this any different to breaking codes for satellite TV and/or DRM?

I really hope the folks at Cornell start working on something that would have a legitimate use such as the ability to make a backup of a legally purchased HD-DVD movie... oh wait... that would be illegal :-(

Re:Isnt That Illegal?

[jacksonj04]

It's not the premium code - they simply found the code used for the test satellite's Open Service. Once the system is up and running, this key will be changed and given out to manufacturers anyway, it's not like it's going to be highly protected.

The Commercial Service, Public Regulated Service and Safety of Life Service all use different (more secure) encryption means.

Re:Isnt That Illegal?

[danpat]

"this key wil be changed and given out to manufacturers anyway, it's not like it's going to be highly protected."

Makes you wonder why they bother in the first place. Sounds like a lot of effort, infrastructure and middlemen to construct something that's obviously going to be bypassed very shortly. Ah, the middle men, that's where it came from....

Legal second opinion (from an engineer)

[justthisdude]

I'm no big fan of copyright, but I think Cornell needs a better lawyer. Clearly, no one can copyright a location (although this would make for a great scene: "Where am I?" "I can't tell you; it's copyrighted." I bet Dick Cheney is already drooling, but I digress). What they are protecting is the output signal from their satellites' atomic clocks, and measurements of their exact orbits. A mobile device computes its own position by comparing path delays to themselves from many satellites' known locations. The timing signal and satellite ephemeris are creative content that can be protected just like a map or satellite picture can be copyrighted, while the location depicted isn't. TFA compares decoding the timing signal to looking at a lighthouse and deducing your own position, which is clearly free. That same arguement would support decoding satellite signals of CNN to deduce world events. World events are clearly free, but the video isn't.

A stronger arguement can be made: since they have agreed to make the codes open source they have no right to enforce copyright. You just can't say they aren't creating anything.

Re:Legal second opinion (from an engineer)

[MikeJ9919]

No offense, but I think engineers need to stop playing lawyers. As an engineer headed to law school in the fall, I'm smart enough to know how little I know at this point.

With that said, the very first thing they teach you in law school is "it depends"...everything in the law is a balancing act, and is subject to human judgement. Sometimes it's a very lopsided balancing act, but there's almost always room for argument.

Openly available signals

[pe1chl]

"Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? ... No. How is looking at the Galileo satellite any different?"

You would expect it to work that way, but NO. Today, it really is possible to transmit information into publicly receivable media and still be able to prohibit the use of it and to do the research necessary to make the signal useful (

Algorithm is being replaced

[joshua42]

Acoording to a friend working on the Galileo project they came up with a new encryption algorithm specification a week ago. Quite annoying with such changes this late in the project, they thought. I guess this news kind of explains it.

In practical terms

[nurb432]

What does this mean to me? Can i reprogram my portable GPS to this new code? And what does it give me if i can? I already get free access to GPS now ( well i paid my purchase fee on the device ) and didnt the US government lift restrictions on accuracy recently ?

No i couldnt get to TFA to read it.

I don't understand

[MrShaggy]

Why it was necessary to break up someone's business like this? Now instead of paying monthly for access, they are going to have to license the access right to the manufacturer. Space is expensive. So when satellites need repair or replacement, how is this going to happen ?? All you will see is either the company will figure out a way to update the codes all the time(Like sat. tv) or, a massive increase in the cost of GPS units, to cover the license cost. Now someone that has a small hobby like geocachin

Re:I don't understand

[MrShaggy]

But a promise dosen't mean a thing. If there was a 'contractual agreement' then sue them. Why is it up to these people to dispense justice??

Re:and North Korean rocket scientists appreciate t

[Anonymous Coward]

Why? So they know where exactly their rocket was when it failed? Don't you think that positioning a nuclear bomb with sub meter precision is a little too control-freakish?

Re:and North Korean rocket scientists appreciate t

[Anonymous Coward]

Re-read your statement, think about who you're talking about, then go look up the definition of irony.

*grin*

Re:and North Korean rocket scientists appreciate t

[MichaelSmith]

I think that North Korean rocket scienties are having a party today.

But they get the credit regardless of where their rockets land.

Re:and North Korean rocket scientists appreciate t

[cswiger2005]

"So long as they go up, who cares where they go down."

              -- Werner von Braun (paraphrased by Tom Lehrer)

Re:and North Korean rocket scientists appreciate t

[Detritus]

"I reach for the stars, but sometimes I hit London."

-- Werner von Braun (modified by Mort Sahl)

Accuracy not critical with nukes on soft targets

[Goonie]

You don't need sub-metre accuracy to be lethal with an ICBM tipped with a nuclear warhead. Land a rocket with a nuke within five miles of here [google.com], here [google.com], or here [google.com] and you kill tens, probably hundreds of thousands of people.

Or, alternatively, you could just about hit here [google.com] with a trebuchet from North Korea, and there are 11 million people there.

North Korean nuclear strategy is likely to revolve around killing lots of people, not taking out hardened military targets with precision weapons. For that, accuracy me

Re:Accuracy not critical with nukes on soft target

[Znork]

"North Korean nuclear strategy"

Actually, like most such strategies, North Korean nuclear strategy is most likely to revolve around not having to actually fire such weapons; if you at any point need to actually launch, you've already lost, they can only be used to make the enemy and the rest of the world lose too.

Taken to the natural conclusion, see the Dr Strangelove version of Doomsday Machine. No precision needed at all, and you dont even need a trebuchet.

Re:Accuracy not critical with nukes on soft target

[zulux]

North Korean nuclear strategy is most likely to revolve around not having to actually fire such weapons

The assumption is that the North Korean government is sane.

  I seriously doubt any government that systematically starves its own people to death over a few decades would have any trouble watching the same people die in a "glorious" fire.

Re:Accuracy not critical with nukes on soft target

[Jah-Wren Ryel]

The assumption is that the North Korean government is sane.

Lol! I was just going to post a joke about how we are suppossed to believe the standard demonization that our enemy is a "madman."

I seriously doubt any government that systematically starves its own people to death over a few decades would have any trouble watching the same people die in a "glorious" fire.

You should doubt it.

Only in movies do insane people end up runnning countries. Letting the population starve is not a symptom of insanity - it is a symptom of a ruling class lacking accountability to the citizens.

The North Koreans are not insane, they just have a different perspective than the one our news media feeds us. Were Bush and Rumsfeld insane because they ignored counsel from the pentagon about how securing Iraq would require 2x-3x more troops than they wanted to allocate? No, they just saw the facts differently - incorrect they were, but not insane.

Same thing goes for North Korea's government. For example - they still consider themselves to be at war, no truce was ever signed - only an armistice which is just a little bit stronger than a "cease fire." To an American, 10,000 miles away, it sure seems like the korean war is over - but anyone who gets near the DMZ and sees the patrols on both sides (or has even just seen the movie Joint Security Area), it isn't so clear any more. North Korea has always felt like it needs to be prepared for an attack at any time and has thus kept its military at a full state of rediness.

North Korea has made a lot of dumb decisions, but that doesn't mean they are insane any more than Bush's (mis)handling of the war in Iraq means he is insane.

Re:Accuracy not critical with nukes on soft target

[zulux]

. Letting the population starve is not a symptom of insanity

I guess you have a different definintion of sanity than I do.

I understand your point - that the two Kim's of NK are really more ruthless than anything - but their actions lead one to not trust in them when it comes to sensabilities that you and I have.

NK, IMHO will lob a nuke much more readilly than say china - even though China has killed millions more humans in the last 50 years. Russa as well - Stalin's purges killed 30 million or so, but there

Re:Accuracy not critical with nukes on soft target

[Richard_at_work]

Soeul is already within artillery range of the North, they could jsut lob a nuclear tipped shell over and do the same damage.

Re:Accuracy not critical with nukes on soft target

[MrShaggy]

They could even get in with bio-weapons. Launch a cow that has mad-cow disease.

Good to go!

I think the idea came from a lot of editorials. There were 2 Canadians and an upset cow, in a sling getting ready to go over the border. The quotes were 'Canadians develop weapons of mass destruction, that can be launched within minutes.'

Re:and North Korean rocket scientists appreciate t

[matt4077]

For a nuclear warhead, traditional GPS' 5m-accuracy should be quite sufficient. It's not like they'd be trying to avoid "collateral damage"

Re:and North Korean rocket scientists appreciate t

[feyhunde]

For a nuclear warhead, traditional GPS' 5m-accuracy should be quite sufficient. It's not like they'd be trying to avoid "collateral damage"

In wartime the US can, will and does turn off the GPS in the warzone. Galilieo isn't under the same controls, and for that reason is popular with some governments for their guided weapons programs. Further, the civilian GPS receivers still have certain height and velocity restrictions artificially put in by the US to prevent guided missile uses. Only recently was an ag

Re:and North Korean rocket scientists appreciate t

[Zemran]

They have to learn to make them fly before they worry about where they land...

For the glorious leader!

[patio11]

This time that happy-sappy capitalist running dog doplhin gets it with our new Precision Guided Silkworm Missile! Take that, Flipper! Bwahahaha! -- Hey, its not any LESS crazy than what passes for the real North Korean government.

uncrackable encryption

[Nikademus]

PRN is not really encryption.

But anyway, there is no such thing as an encryption scheme that cannot be cracked. It is just a matter on how much time it will take to crack it.
Encryption will always be crackable, we are just playing with the fact it would take 512 or so years to crack a particular scheme with the actual technology.

Re:uncrackable encryption

[Groo Wanderer]

"But anyway, there is no such thing as an encryption scheme that cannot be cracked. It is just a matter on how much time it will take to crack it.
Encryption will always be crackable, we are just playing with the fact it would take 512 or so years to crack a particular scheme with the actual technology."

Actually, there is almost no encryption scheme that can stand up for a weekend to the 'suitcase full of cash' cracking methodology.

                -Charlie

Re:uncrackable encryption

[Gorath99]

I fact, that is pretty much the only attack that will work against a correct implementation of OTP [wikipedia.org], an encryption scheme that actually is unbreakable (though rather unpractical for most applications).

Re:uncrackable encryption

[Nutria]

I fact, that is pretty much the only attack that will work against a correct implementation of OTP

Rubber-hose decryption works well, too.

Re:uncrackable encryption

[arivanov]

So does Sodium Pentothal though sometimes there are decryption errors. If there is more time there is a guaranteed decryption scheme known as "heroin once a day for a week, followed no more heroin until you tell the key".

Re:uncrackable encryption

[DrSkwid]

pfft, your previous victims were weak

Re:uncrackable encryption

[kestasjk]

One time pads have been proven to be unbreakable, but implementing it securely (ie moving the one time pad to the other person securely) is the hard part.

Re:uncrackable encryption

[tacocat]

Hate to make a plug for myself but I came up with a one time pad authentication method for logging into websites. It's as secure as can be socially accepted. Key words there.

http://www.tacocat.net/

The idea is to get your password sent to you by some method and upon successful authentication, the password is reset and retransmitted. The socially accepted part is sending the password to you in such a way that you'll actually be able to use it. The most common form of sending new passwords today is via e

Re:uncrackable encryption

[Anonymous Coward]

And before you go running off to make a patent, white papers exist on the internet dating back to 1990 on using One Time Pads for internet/computer authentication mechanisms. And the fact that I wrote all this up here also serves as prior art.

This is laughable. You are trying to use the only perfectly secure encryption scheme, while breaking the rules which allow it to be the only perfectly secure encryption scheme.

So your mechanism is only as secure as the weakest parts, which in this case is plain text email or maybe SSL encrypted email, in which case, just use SSL and have the user provide their own strong password. You are getting NO GAIN for something which is MORE of a PAIN.

BTW, specifically in regards to GSM mobile phones (I don't know about others), GSM phone crypto uses a small Linear Feedback Shift Register configuration (40bit equivalent) for Pseudo Random Number Generation. To make matters worse, it is seeded (partially or fully?) with the IMEI number of that phone. IMEI numbers can be broken down a great deal if you know the make of the phone and then more if you know the model. The bit depth of IMEI suddenly drops. In 1999 GSM could be cracked [lycos.com] in less than a second on a basic home PC. In addition to that, I personally know of a GSM eavesdropping/recording device being used outside of government/law-enforcement and I also know of someone who makes a similar device which is separate from the other I have mentioned. GSM at least, can hardly be considered to be providing strong comms. GSM crypto only "protects" the wireless link between the mobile phone and base station, NOT the wired link between cells or landlines, etc, so you trust your Telco? BTW, do you trust the French? This is their crypto scheme (A5) and they intentionally made it weak. Germany, try as they might, being so close the then Soviet Union, wanted it to be strong. The fact is, most governments don't want their people having strong crypto and you are essentially providing nothing.

Why bother? You are taking the strengths of OTP, weakening them to something ranging from plain text to strengths we already have (SSL) and yet you are keeping the impracticalities of OTP. I have to wait to have my password broadcast to the World before I can log in? What exactly are you providing again?

Really, why bother?

Hate to make a plug for myself but I came up with a one time pad authentication method for logging into websites. It's as secure as can be socially accepted. Key words there.

Every single time, in the past 11 years or so that I've been into crypto and crypto forums, that I heard someone say something like, "I think I have a good scheme", it has turned out to be a complete joke. I now get a chuckle whenever I read something like that, before I go on and read the "good scheme". So thank you for the chuckle. By the way, you can't have prior art when someone before you has it. It's not yours, it's thiers. Even if it does suck.

Re:uncrackable encryption

[tacocat]

Really, why bother?

I was hoping that the website would explain this. Did you RTFM? Assuming you did not. The advantage that still exists is that OTP, even over SMS is much harder to intercept than standing behind someone at an airport kioske or sniffing wireless networks... I didn't say it was 100% secure, in fact I think I even make mention that it is still not perfect. But it's a hell of a lot better than common practice today.

I would think it would be preferred if someone would be willing to move

Re:uncrackable encryption

[Gorath99]

Actually, there is no way to proof there is an encryption scheme that cannot be cracked.

There isn't? Proof it! ;-)

Seriously, there are ways. The reason most encryption schemes can at least be brute forced is that for any given ciphertext, there are very few possble sensible (non-garbage) plaintexts. So, if you try all possible keys and look at all the resulting plaintexts, the one that is sensible will almost certainly be the original plaintext.

With OTP this won't work as there is a simple proof that for any given ciphertext, every single message of the same lenght is a possible plaintext. So if you have a ciphertext of 1k characters and you try every possible key, you'll end up with every possible text of 1k characters. This includes bits of Shakespeare, Britney Spears porn, texts describing who killed JFK (at least one of which will be amazingly be true :-) ), quotes from the Bible, excerpts from the linux code and much, much more. There's no way of knowing what was the original message.

Oh, and since you'll end up with 256^1000 messages of 1k length, you'll need a bigger harddisk ;-)

Re:uncrackable encryption

[WindBourne]

with the actual technology.

That would be better rewritten as current technology and know-how. Obviously tech improves for instance, back in the 90's, nearly all attempts at cracking where based on a serial approach. Now, they are based on a distributed approach. In addition, the general algorythms that we know and use in the general public are almost certainly different than what other very targeted groups know and use.

Re:uncrackable encryption

[YGingras]

But anyway, there is no such thing as an encryption scheme that cannot be cracked. It is just a matter on how much time it will take to crack it.
Encryption will always be crackable, we are just playing with the fact it would take 512 or so years to crack a particular scheme with the actual technology.

Are you really that clueless? I would not take 512 years to bruteforce a 320 bit key, it would take simply longer than the current age of the universe. Assuming of course that you are required to put a single

Re:uncrackable encryption

[YGingras]

Asymmetric schemes like RSA are a lot easier to crack than 3DES and other symmetric. A solid scheme would use very large (~4096 bits) asymmetric to exchange a symmetric key. If that sounds like SSL, well now you know why.

Re:uncrackable encryption

[SillyNickName4me]

2^128 is a very big number. If the entire planet was turned into a vast computer with circuits an atom across it would take longer than the life of the universe to break an AES key by brute force.

First of all, yes, 2^128 is a very big number indeed. The rest of your statement however makes absolutely no sense whatsoever.

The size of a computer and the circuits within have little to do with how capable that computer is of performign the specific operations for breaking AES efficiently. Neither does your statement take into account the potential of weaknesses in the algorithm that might eliminate part of the keyspace. Do I have proof of such weaknesses? Nope, but the question is if I need that, the large majority of algorithms turns out to have such flaws. so unless you have mathematical proof that they do not exist in this case, the assumption that they exist is a safe one.

I vaguely remember people arguing that breaking DES was not feasable only some 25 years ago, and at the time they were probably somewhat right. Yet, nowadays it is breakable in hours by the kind of technology that private civilians can afford.

So all in all, it is safe to assume that AES is safe for the moment, but there is no telling what future technology will do. The likelyhood however is that both a breach of AES will be found, and hardware will be made that makes the AES problem relatively simple to solve.

Re:uncrackable encryption

[dnoyeb]

Beautiful. I have tried to explain for a time that this is not just the measure of encryption but the measure of security itself.

Security is the difference in access-pain for those with permisison vs. those without. Putting something where nobody can get to it is not ultimate security, thats no security at all.

As for the satellite, I presume the European one is offering more accuracy and that it can't be shut off by the US Government. Well not because they unilaterally decide to.

Also I'm surprised if anyone in US would be able to use this cracked satellite data in the US due to DMCA. But everyone else in the world can, lol.

Re:uncrackable encryption

[nojayuk]

"...the cluelessness of the Gallileo business model. Charging for something someone else is giving away is so 1990s. It only makes sense if there is something going on here we have not been told about."

Galileo makes high-precision access available to paying customers, the US NAVSTAR reserves that level of accuracy only for US and allied military systems. Some of the Galileo cluster will orbit at higher inclinations than the existing NAVSTAR cluster, making GPS more usable in the far North and far South (although I understand some planned future NAVSTAR satellite deployments will fill in the gaps here too). Galileo can't be switched off or degraded on a whim by a single government unlike the NAVSTAR system, allowing it to be trusted to control civilian aircraft in crowded skies.

The users of GPS will end up with multi-function receivers that can work interoperably with NAVSTAR and Galileo since it would be pointless commercially to do otherwise. Unless NAVSTAR goes commercial or the DoD stops degrading the signal the high-precision customers like airlines and such will use Galileo and pay for the convenience and predictability.

Re:uncrackable encryption

[NormalVisual]

Unless NAVSTAR goes commercial or the DoD stops degrading the signal the high-precision customers like airlines and such will use Galileo and pay for the convenience and predictability.

Selective availability (intentional degradation) was turned off on the Navstar system back in 2000, although there's nothing that says it won't get turned back on again sometime in the futures. In addition, differential GPS transmitters cover a large portion of the U.S., and DGPS is quite a bit more accurate than the data you get directly from the satellites, and works even when selective availability is active.

Re:Encryption Doesn't Work

[Linker3000]

Netcraft? That you?

Re:Never Understood the Logic of Galileo

[Anonymous Coward]

It's obvious that the EU will force all mobile phones, cars, planes, etc. sold in Europe to use Galileo. The free market would never adopt a new alternative that is not technically or functionally superior, is going against an entrenched competitor with a huge install base, and costs money where the alternative is free.

You need to check your assumptions.

The EU doesn't mandate GPS/Galileo in anything. The US does.

Galileo is functionally superior. The free precision will be better than with just GPS.

There is no installed base in high precision applications because there is no product on the market. Only the US military has global high precision positioning.

Galileo's normal precision code will be free, just as the base level precision of GPS is free.

Galileo's high precision code will be available commercially, whereas the GPS high precision codes are not available to non-military users.

me-too project [...] A380

The A380 is not a me-too project. Americans only even know that name because it is a real threat to Boeing, who chose not to build a plane of that capacity. It's not someone else's plane, only slightly bigger, either. It's the continuation of Airbus engineering, which is very different from Boeing's.

In other words, we just added an entire China

Unfortunately for you, that "China" you added belongs to foreign investors.

what non-military use?

[r00t]

I'm not seeing to many peaceful uses that aren't already covered by one of:

a. standard GPS
b. standard GPS plus a differential signal (good for airport approaches)
c. carrier-phase (sub-centimeter but slow, for surveying)

I'll grant that differential signals can make airports easy targets. :-)

For what are you needing the combination of precision, accuracy, fast measurements, and a location that hasn't been set up with a differential transmitter?

Re:Never Understood the Logic of Galileo

[Concerned Onlooker]

The free market would never adopt a new alternative that is not technically or functionally superior...

I suppose a free market wouldn't, but it's hard to say, given how we don't really have a working model of a free market to study. Except perhaps the truly lawless places on the planet.

And that GDP growth you're talking about? It's gone mostly to the people who are already wealthy. To the average American that statistic is a lie.

Regarding job creation:

• Private-sector jobs created by defense spendin

Re:Never Understood the Logic of Galileo

[DrPepper]

Your comments are pretty much just troll, fortunately you only make a few points really:

1. Galileo is not just a copy of the GPS system. It has higher precision than GPS and so opens up new applications that simply aren't possible at the moment. It also works better in some countries where GPS simply doesn't work very well. In fact the two systems will coexist, and future receivers are likely to support both which will give even better accuracy.

2. The A380 isn't just a "me-too" project - there isn't a si

Re:Digital road tolling

[alphakappa]

The Euro-peons are thinking about using the Galileo system as part of an electronic road tolling scheme... So, bearing in mind the surveillance potential of such a scheme, I'd think the best way to "crack" one of the Galileo satellites would be an ASAT missile...

Ohh, those silly Europeans... that kind [engadget.com] of thing [blueoregon.com] would never [gpsworld.com] happen in the US [xpd8.net]!

Re:Digital road tolling

[b0s0z0ku]

We already have tolls in some highways. If the highway from city A to city B is 100 kms long, we do not need a satellite to tell us that a car that went from A to B has run from 100 kms... maybe in USA it is different, but here in Europe that ride would be always of 100kms.

And as for a toll "for each kilometer a vehicle runs, in any road", we have taxes on gas for serve to mean a cost per kilometer/type of vehicle.

I'm aware of those objections to digital road tolling, and I agree with them. It doesn't