MOTOTRBO how secure is it and vhf dig vs analogue distance

[moj]

The difference tho if the enhanced encryption is turned on is no speech can be heard at all

[radiosification]

I have some MOTOTRBO radios and have done range tests. With enhanced privacy on, the range is not even as good as analog. I don't recommend anyone using enhanced privacy unless you really really need it.

[Cowthief]

Hello.

First off the enhanced encryption is hex 10 place, or 16, 68719476736 possible codes.
But, here is the problem, there is only ONE answer to the problem, a sine wave output, or actually only output.
Run the encryption software on your computer, run a code runner, and even an old musty dusty 486 can crack it in under a minute.
You simply take a tiny slice of encrypted and wait until there is output.
P-25 and ProVoice in the US as well as TETRA is cracked this way.
There is software out that turns some smartphones into scanners, and can crack code on the fly.
Of course, governments are upset.
The moral of the story is, it is radio, do not expect it to be secure.
If someone else can get your encryption device and key loader, or better still, emulate this on a computer, there is a problem.

[kr0ne]

Trololol

10 digits of hex would give 1,099,511,627,775 possible values. The comma isn't even in the right place to make any sense with the number of digits in what you said...

Besides, doesn't MOTORTBO enhanced security use a 40bit code with a sort of rolling code thing on top of that? I'm sure somebody more knowledgeable will be along in a mo.

[radiosification]

Yes I think Cowthief is just having a little joke. To Cowthief, please provide a reference if you're serious.

Motorola's Basic privacy is really quite basic and could be cracked in seconds on a computer.
Enhanced privacy is only 40 bit and I read that it can be cracked in a few days on a computer.
AES256 is very secure, and won't be cracked by any modern computer or even supercomputer. It is possible, but it would take a very very long time. By the time anyone cracked it, the human race would have died out.
AES256 has to be bought from motorola if you have a TRBO radio. I don't think Hytera charge for it (Not sure though, someone verify please?).
However, it is not completely secure. There are other methods that people can use, such as paying off whoever programmed the radios to give them the key, or modifying the radio in a way which allows them to extract the key when it is programmed.
TETRA is a more secure standard than DMR, so if you really need security then go to TETRA. But for most people, DMR with AES256 is more than enough.

[BK]

Trololol

10 digits of hex would give 1,099,511,627,775 possible values. The comma isn't even in the right place to make any sense with the number of digits in what you said...

Besides, doesn't MOTORTBO enhanced security use a 40bit code with a sort of rolling code thing on top of that? I'm sure somebody more knowledgeable will be along in a mo.

40 bits is the same thing as 10 characters of hex
2^40 = 1,099,511,627,775
16^10 = 1,099,511,627,775

Enhanced privacy does protect each super frame in a different manner. I don't know exactly how it does this, but according to Motorola;

Enhanced Privacy uses multiple keys and a random number to ensure that the encryption data is different for each data message and each superframe of a voice message. This requires transporting crypto parameters (e.g. key Identifier, Initialization Vector) with the voice or data payload. A voice message, in the case of Enhanced Privacy, requires an additional header and replaces some of the least important bits of the voice payload with the Initialization Vector. The additional header increases the System Access Time except when Talk Permit Tone is enabled (in repeater mode) where the additional header replaces one of the normal voice headers. The replacement of payload bits reduces the voice quality. Note that the reduction in voice quality is barely noticeable.

[scottyboy]

Motorola's Basic privacy is really quite basic and could be cracked in seconds on a computer.
Enhanced privacy is only 40 bit and I read that it can be cracked in a few days on a computer.

If the software is available in the public domain I wouldn't mind trialling it out?

[radiosification]

No, there's nothing available. If there was, I would have definitely tried it out!
But if someone did write a piece of software, that is a rough guide to how long it would take to crack the encryption for each type.
It is possible that someone has written software to do it, and not released it. I don't know that anyone has though.

[kr0ne]

40 bits is the same thing as 10 characters of hex
2^40 = 1,099,511,627,775
16^10 = 1,099,511,627,775

Enhanced privacy does protect each super frame in a different manner. I don't know exactly how it does this, but according to Motorola;

Enhanced Privacy uses multiple keys and a random number to ensure that the encryption data is different for each data message and each superframe of a voice message. This requires transporting crypto parameters (e.g. key Identifier, Initialization Vector) with the voice or data payload. A voice message, in the case of Enhanced Privacy, requires an additional header and replaces some of the least important bits of the voice payload with the Initialization Vector. The additional header increases the System Access Time except when Talk Permit Tone is enabled (in repeater mode) where the additional header replaces one of the normal voice headers. The replacement of payload bits reduces the voice quality. Note that the reduction in voice quality is barely noticeable.

LOL, so we are happy with a figure of 1,099,511,627,775 total possibilities then.

Let's forget about the rolling code aspect for a moment.

Under a minute, eh? I'm a generous guy. Cowpat, you have 59 seconds...

So. To try 1,099,511,627,775 possible values in 59 seconds we will need to decode and test more than 18,635,790,301 possibilities every single second.

What is your "musty dusty 486" clocked at? 66MHz? No, I already mentioned that I was a generous person so you can have a clock tripled DX33 - the DX4 clocked at 100MHz. The last and most powerful chip that Intel produced in the 486 family.

100MHz - that is 100,000,000 clock cycles per second.

Does anybody see a problem here?

Essentially Cowpat is claiming that it is possible to decrypt and test a slice of encrypted audio more than 186 times per clock cycle!

Well done Cowthief! Clearly you have stumbled on to a brand of 486 PC that due to an undocumented engineering fault can be pressed into service as a Quantum supercomputer! I'd stop fannying around with 1.2kW linear amplifiers made out of old TVs and start seriously marketing your computing discovery.

You will be a millionaire before 2015.