MOTOTRBO how secure is it and vhf dig vs analogue distance
-
- Super Member
- Posts: 355
- Joined: 28 Jun 2011, 12:18
- Location: Manchester , Uk
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
The difference tho if the enhanced encryption is turned on is no speech can be heard at all
- radiosification
- Top Poster
- Posts: 2495
- Joined: 27 Dec 2010, 23:52
- Location: London
- Contact:
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
I have some MOTOTRBO radios and have done range tests. With enhanced privacy on, the range is not even as good as analog. I don't recommend anyone using enhanced privacy unless you really really need it.
If you're interested in digital voice, check out my YouTube channel:
http://www.youtube.com/radiosification
http://www.youtube.com/radiosification
-
- Banned
- Posts: 136
- Joined: 02 Aug 2014, 18:26
- Call Sign: KA5PIU
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
Hello.
First off the enhanced encryption is hex 10 place, or 16, 68719476736 possible codes.
But, here is the problem, there is only ONE answer to the problem, a sine wave output, or actually only output.
Run the encryption software on your computer, run a code runner, and even an old musty dusty 486 can crack it in under a minute.
You simply take a tiny slice of encrypted and wait until there is output.
P-25 and ProVoice in the US as well as TETRA is cracked this way.
There is software out that turns some smartphones into scanners, and can crack code on the fly.
Of course, governments are upset.
The moral of the story is, it is radio, do not expect it to be secure.
If someone else can get your encryption device and key loader, or better still, emulate this on a computer, there is a problem.
First off the enhanced encryption is hex 10 place, or 16, 68719476736 possible codes.
But, here is the problem, there is only ONE answer to the problem, a sine wave output, or actually only output.
Run the encryption software on your computer, run a code runner, and even an old musty dusty 486 can crack it in under a minute.
You simply take a tiny slice of encrypted and wait until there is output.
P-25 and ProVoice in the US as well as TETRA is cracked this way.
There is software out that turns some smartphones into scanners, and can crack code on the fly.
Of course, governments are upset.
The moral of the story is, it is radio, do not expect it to be secure.
If someone else can get your encryption device and key loader, or better still, emulate this on a computer, there is a problem.
- kr0ne
- Veteran
- Posts: 4536
- Joined: 25 Sep 2011, 18:33
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
Trololol
10 digits of hex would give 1,099,511,627,775 possible values. The comma isn't even in the right place to make any sense with the number of digits in what you said...
Besides, doesn't MOTORTBO enhanced security use a 40bit code with a sort of rolling code thing on top of that? I'm sure somebody more knowledgeable will be along in a mo.
10 digits of hex would give 1,099,511,627,775 possible values. The comma isn't even in the right place to make any sense with the number of digits in what you said...
Besides, doesn't MOTORTBO enhanced security use a 40bit code with a sort of rolling code thing on top of that? I'm sure somebody more knowledgeable will be along in a mo.
- radiosification
- Top Poster
- Posts: 2495
- Joined: 27 Dec 2010, 23:52
- Location: London
- Contact:
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
Yes I think Cowthief is just having a little joke. To Cowthief, please provide a reference if you're serious.
Motorola's Basic privacy is really quite basic and could be cracked in seconds on a computer.
Enhanced privacy is only 40 bit and I read that it can be cracked in a few days on a computer.
AES256 is very secure, and won't be cracked by any modern computer or even supercomputer. It is possible, but it would take a very very long time. By the time anyone cracked it, the human race would have died out.
AES256 has to be bought from motorola if you have a TRBO radio. I don't think Hytera charge for it (Not sure though, someone verify please?).
However, it is not completely secure. There are other methods that people can use, such as paying off whoever programmed the radios to give them the key, or modifying the radio in a way which allows them to extract the key when it is programmed.
TETRA is a more secure standard than DMR, so if you really need security then go to TETRA. But for most people, DMR with AES256 is more than enough.
Motorola's Basic privacy is really quite basic and could be cracked in seconds on a computer.
Enhanced privacy is only 40 bit and I read that it can be cracked in a few days on a computer.
AES256 is very secure, and won't be cracked by any modern computer or even supercomputer. It is possible, but it would take a very very long time. By the time anyone cracked it, the human race would have died out.
AES256 has to be bought from motorola if you have a TRBO radio. I don't think Hytera charge for it (Not sure though, someone verify please?).
However, it is not completely secure. There are other methods that people can use, such as paying off whoever programmed the radios to give them the key, or modifying the radio in a way which allows them to extract the key when it is programmed.
TETRA is a more secure standard than DMR, so if you really need security then go to TETRA. But for most people, DMR with AES256 is more than enough.
If you're interested in digital voice, check out my YouTube channel:
http://www.youtube.com/radiosification
http://www.youtube.com/radiosification
-
- Top Poster
- Posts: 1246
- Joined: 17 Jan 2007, 11:17
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
40 bits is the same thing as 10 characters of hexkr0ne wrote:Trololol
10 digits of hex would give 1,099,511,627,775 possible values. The comma isn't even in the right place to make any sense with the number of digits in what you said...
Besides, doesn't MOTORTBO enhanced security use a 40bit code with a sort of rolling code thing on top of that? I'm sure somebody more knowledgeable will be along in a mo.
2^40 = 1,099,511,627,775
16^10 = 1,099,511,627,775
Enhanced privacy does protect each super frame in a different manner. I don't know exactly how it does this, but according to Motorola;
Enhanced Privacy uses multiple keys and a random number to ensure that the encryption data is different for each data message and each superframe of a voice message. This requires transporting crypto parameters (e.g. key Identifier, Initialization Vector) with the voice or data payload. A voice message, in the case of Enhanced Privacy, requires an additional header and replaces some of the least important bits of the voice payload with the Initialization Vector. The additional header increases the System Access Time except when Talk Permit Tone is enabled (in repeater mode) where the additional header replaces one of the normal voice headers. The replacement of payload bits reduces the voice quality. Note that the reduction in voice quality is barely noticeable.
-
- Radio Addict
- Posts: 756
- Joined: 12 Jul 2010, 16:41
- Location: scotland, lanarkshire
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
If the software is available in the public domain I wouldn't mind trialling it out?Motorola's Basic privacy is really quite basic and could be cracked in seconds on a computer.
Enhanced privacy is only 40 bit and I read that it can be cracked in a few days on a computer.
2M0SRM
Quansheng tg-uv2
yaesu FT-7900E
Motorola DP3600 UHF + VHF
MTH800
MTP850s
SRH3800
CM-9000
MTM5400
Quansheng tg-uv2
yaesu FT-7900E
Motorola DP3600 UHF + VHF
MTH800
MTP850s
SRH3800
CM-9000
MTM5400
- radiosification
- Top Poster
- Posts: 2495
- Joined: 27 Dec 2010, 23:52
- Location: London
- Contact:
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
No, there's nothing available. If there was, I would have definitely tried it out!
But if someone did write a piece of software, that is a rough guide to how long it would take to crack the encryption for each type.
It is possible that someone has written software to do it, and not released it. I don't know that anyone has though.
But if someone did write a piece of software, that is a rough guide to how long it would take to crack the encryption for each type.
It is possible that someone has written software to do it, and not released it. I don't know that anyone has though.
If you're interested in digital voice, check out my YouTube channel:
http://www.youtube.com/radiosification
http://www.youtube.com/radiosification
- kr0ne
- Veteran
- Posts: 4536
- Joined: 25 Sep 2011, 18:33
Re: MOTOTRBO how secure is it and vhf dig vs analogue distan
LOL, so we are happy with a figure of 1,099,511,627,775 total possibilities then.BK wrote:40 bits is the same thing as 10 characters of hex
2^40 = 1,099,511,627,775
16^10 = 1,099,511,627,775
Enhanced privacy does protect each super frame in a different manner. I don't know exactly how it does this, but according to Motorola;
Enhanced Privacy uses multiple keys and a random number to ensure that the encryption data is different for each data message and each superframe of a voice message. This requires transporting crypto parameters (e.g. key Identifier, Initialization Vector) with the voice or data payload. A voice message, in the case of Enhanced Privacy, requires an additional header and replaces some of the least important bits of the voice payload with the Initialization Vector. The additional header increases the System Access Time except when Talk Permit Tone is enabled (in repeater mode) where the additional header replaces one of the normal voice headers. The replacement of payload bits reduces the voice quality. Note that the reduction in voice quality is barely noticeable.
Let's forget about the rolling code aspect for a moment.
Under a minute, eh? I'm a generous guy. Cowpat, you have 59 seconds...
So. To try 1,099,511,627,775 possible values in 59 seconds we will need to decode and test more than 18,635,790,301 possibilities every single second.
What is your "musty dusty 486" clocked at? 66MHz? No, I already mentioned that I was a generous person so you can have a clock tripled DX33 - the DX4 clocked at 100MHz. The last and most powerful chip that Intel produced in the 486 family.
100MHz - that is 100,000,000 clock cycles per second.
Does anybody see a problem here?
Essentially Cowpat is claiming that it is possible to decrypt and test a slice of encrypted audio more than 186 times per clock cycle!
Well done Cowthief! Clearly you have stumbled on to a brand of 486 PC that due to an undocumented engineering fault can be pressed into service as a Quantum supercomputer! I'd stop fannying around with 1.2kW linear amplifiers made out of old TVs and start seriously marketing your computing discovery.
You will be a millionaire before 2015.