Also known as: DES-XL, DES-OFB, ADP, Advanced Digital Privacy
DES-XL and ADP are the legacy encryption options that predate — and still coexist with — AES on P25 systems. DES-XL is the Data Encryption Standard run as a keystream cipher (Output-Feedback mode) over the vocoder frames, while ADP (Advanced Digital Privacy) is Motorola’s proprietary option built on the RC4 stream cipher with a 40-bit key.1 Both are weak by modern standards — DES for its 56-bit key and ADP for its 40-bit key — and both survive mainly on older or budget-tier deployments where they provide obscurity against casual scanning rather than real security.
How it works
Both options fit P25’s keystream model. The clear header advertises the algorithm and key (see Key ID & ALGID) and a Message Indicator that seeds the cipher, and the resulting keystream is XORed with the IMBE/AMBE vocoder bitstream frame by frame:
- DES-OFB / DES-XL — the DES
block cipher is never applied to the voice directly.
In Output-Feedback (OFB) mode it is run repeatedly over a feedback register
seeded by the MI, turning the 64-bit block cipher into a keystream generator so a
continuous voice stream can be encrypted without block padding. Standard P25
DES-OFB carries ALGID
0x81; Motorola’s DES-XL is a closely related proprietary variant. DES uses a 56-bit effective key. - ADP — Motorola’s Advanced Digital Privacy runs RC4,
a byte-oriented stream cipher, keyed by a 40-bit
user key combined with the message indicator to form RC4’s initial state. It
carries ALGID
0xAAand is popular because it is cheap to enable on many radios.
In practice — why they are weak
Neither cipher offers meaningful security against a determined attacker, and this is
a matter of key length, not just age. Single DES’s 56-bit key was broken by
public brute-force hardware in the late 1990s and is trivially recoverable today with
modern compute given known plaintext; the P25 vocoder’s structured frames make such
plaintext readily available. ADP is weaker still: a 40-bit key is a
brute-force target well within reach of a single
GPU, and RC4 additionally has well-documented keystream biases that undermine it
independent of key size. Reusing a message indicator — a two-time-pad mistake for any
keystream cipher — leaks the XOR of two plaintexts and is a further practical
pitfall. These weaknesses, plus DES’s obsolescence, are exactly why P25 standardized
on AES-256 (ALGID 0x84) for secure voice; DES-XL and ADP persist as legacy
interoperability and low-cost “privacy” rather than as genuine confidentiality.
Relevance to SDR
DES-XL and ADP are the encryption a scanner most often sees on older P25 fleets, and they mark a real distinction in how far a passive receiver can go. GopherTrunk reads the clear ALGID and Key ID and can therefore report precisely that a talkgroup is running DES-XL or ADP rather than AES, which is useful intelligence about a system’s age and posture. It does not, however, attempt key recovery: cracking a 40-bit ADP key or a 56-bit DES key is an active cryptanalytic effort requiring captured ciphertext, known plaintext, and dedicated compute, and it is entirely outside GopherTrunk’s decode chain. The honest framing is consistent across the project — GopherTrunk detects, identifies, and follows encrypted P25 calls and decodes clear ones, but recovering keyed audio, even under these weak legacy ciphers, is not something it does.
Sources
-
Project 25 — Wikipedia, for the P25 encryption options including DES-OFB and AES and their algorithm identifiers. See also Data Encryption Standard — Wikipedia, for DES’s 56-bit key and its brute-force break. ↩