Can Skype be wiretapped by the authorities?

Joseph Ashwood ashwood at msn.com
Wed Apr 28 16:21:48 EDT 2004


----- Original Message ----- 
From: "Axel H Horns" <axel.h.horns at gmx.net>
Subject: Can Skype be wiretapped by the authorities?


> Is something known about the details of the crypto protocol within
> Skype? How reliable is the encryption?

While Skype is generally rather protective of their protocol, there have
been leaks, in fact one elak that I am aware of was to me personally,
unfortunately I do not have the protocol any more it just wasn't worth
saving. With that said the protocol is horribly and completely worthless,
they brag about using 1536-2048 bit RSA, but what they dont' tell you is
that when I saw the protocol the key was directly encrypted without padding,
it's also worth noting that when I said "key" that wasn't a typo, there was
only one, although it was hashed to create two. There was a complete lack of
message authentication, a complete lack of key verification, a complete lack
of one-timeness to the transfers, basically a complete lack of security,
even their user verification was flawed to the point where it was completely
worthless. Assuming that they have not changed their protocol substantially
(likely considering no one would listen to the individual that leaked it to
me, and hence was given the breaks) the protocol is still horribly insecure,
and pointlessly complex. The ONLY functional security it has is that it is
peer2peer and as such it is harder to eavesdrop.
                            Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list