Field Guide · algorithm

Also known as: DES-XL, DES-OFB, ADP, Advanced Digital Privacy

DES-XL and ADP are the legacy encryption options that predate — and still coexist with — AES on P25 systems. DES-XL is the Data Encryption Standard run as a keystream cipher (Output-Feedback mode) over the vocoder frames, while ADP (Advanced Digital Privacy) is Motorola’s proprietary option built on the RC4 stream cipher with a 40-bit key.1 Both are weak by modern standards — DES for its 56-bit key and ADP for its 40-bit key — and both survive mainly on older or budget-tier deployments where they provide obscurity against casual scanning rather than real security.

DES-XL: 56-bit DESOFB feedback → keystream ADP: 40-bit RC4state → keystream keystream vocoder frames on air
DES-XL (56-bit DES in OFB) and ADP (40-bit RC4) both manufacture a keystream that is XORed with the P25 vocoder frames.

How it works

Both options fit P25’s keystream model. The clear header advertises the algorithm and key (see Key ID & ALGID) and a Message Indicator that seeds the cipher, and the resulting keystream is XORed with the IMBE/AMBE vocoder bitstream frame by frame:

  • DES-OFB / DES-XL — the DES block cipher is never applied to the voice directly. In Output-Feedback (OFB) mode it is run repeatedly over a feedback register seeded by the MI, turning the 64-bit block cipher into a keystream generator so a continuous voice stream can be encrypted without block padding. Standard P25 DES-OFB carries ALGID 0x81; Motorola’s DES-XL is a closely related proprietary variant. DES uses a 56-bit effective key.
  • ADP — Motorola’s Advanced Digital Privacy runs RC4, a byte-oriented stream cipher, keyed by a 40-bit user key combined with the message indicator to form RC4’s initial state. It carries ALGID 0xAA and is popular because it is cheap to enable on many radios.

In practice — why they are weak

Neither cipher offers meaningful security against a determined attacker, and this is a matter of key length, not just age. Single DES’s 56-bit key was broken by public brute-force hardware in the late 1990s and is trivially recoverable today with modern compute given known plaintext; the P25 vocoder’s structured frames make such plaintext readily available. ADP is weaker still: a 40-bit key is a brute-force target well within reach of a single GPU, and RC4 additionally has well-documented keystream biases that undermine it independent of key size. Reusing a message indicator — a two-time-pad mistake for any keystream cipher — leaks the XOR of two plaintexts and is a further practical pitfall. These weaknesses, plus DES’s obsolescence, are exactly why P25 standardized on AES-256 (ALGID 0x84) for secure voice; DES-XL and ADP persist as legacy interoperability and low-cost “privacy” rather than as genuine confidentiality.

Relevance to SDR

DES-XL and ADP are the encryption a scanner most often sees on older P25 fleets, and they mark a real distinction in how far a passive receiver can go. GopherTrunk reads the clear ALGID and Key ID and can therefore report precisely that a talkgroup is running DES-XL or ADP rather than AES, which is useful intelligence about a system’s age and posture. It does not, however, attempt key recovery: cracking a 40-bit ADP key or a 56-bit DES key is an active cryptanalytic effort requiring captured ciphertext, known plaintext, and dedicated compute, and it is entirely outside GopherTrunk’s decode chain. The honest framing is consistent across the project — GopherTrunk detects, identifies, and follows encrypted P25 calls and decodes clear ones, but recovering keyed audio, even under these weak legacy ciphers, is not something it does.

Sources

  1. Project 25 — Wikipedia, for the P25 encryption options including DES-OFB and AES and their algorithm identifiers. See also Data Encryption Standard — Wikipedia, for DES’s 56-bit key and its brute-force break. 

See also