Can Skype be wiretapped by the authorities?
Arnold G. Reinhold
reinhold at world.std.com
Thu Apr 29 10:49:00 EDT 2004
At 10:49 PM +0200 4/27/04, Axel H Horns wrote:
>Is something known about the details of the crypto protocol within
>Skype? How reliable is the encryption?
>
>See e.g.
>
>http://www.financialcryptography.com/mt/archives/000076.html
>
>Can Skype be wiretapped by the authorities? With collaboration of the
>Skype operator? Without?
>
From the Skype FAQ http://www.skype.com/help_faq.html:

"Is the source code for Skype available? Can I have a copy?
No. Skype is proprietary and closed-source software."

In a closed source system it is certainly possible for the authors to
provide "backdoors" that would allow wiretapping. There are many
ways to do this. Perhaps the simplest way is to constrain the random
number generator to select values from a limited, searchable set of
possibilities. The constraint might be turned on by receipt of a
special message.

The backdoor could be included in all copies of the program or just
selected copies, particularly if there are provisions for automatic
updates. A backdoor could also be delivered as a virus or worm.

If the authorities can gain one-time physical access to one of the
computers in the Skype network, all encrypted communication to and
from that computer as an end point can be compromised regardless of
how well Skype has designed its system (this does not include
messages relayed by that computer if Skype has done things right).

This is not to suggest that Skype is a bad product or that all
open-source encryption solutions are safe, but a closed-source system
is only as trustworthy as its authors.

Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
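
A minimal sketch of the constrained-RNG backdoor described in the message above, added here as an illustration and not part of the original post or of Skype's code: keys are full length but drawn from an assumed 2^16-element set, so they can be found by search, and repeated keys across sessions give an auditor a way to notice. All function names, the 16-bit set size and the HMAC stand-in for observed traffic are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SEED_BITS = 16  # assumed size of the constrained set: 2**16 possible keys


def expand(seed: int) -> bytes:
    """Stretch a small seed into a 256-bit key; it looks random but is not."""
    return hashlib.sha256(b"constructed-demo" + seed.to_bytes(4, "big")).digest()


def constrained_keygen() -> bytes:
    """Hypothetical backdoored generator: full-length key, 16 bits of entropy."""
    return expand(secrets.randbelow(2 ** SEED_BITS))


def honest_keygen() -> bytes:
    """Reference generator drawing all 256 bits from the OS CSPRNG."""
    return secrets.token_bytes(32)


def tag(key: bytes, message: bytes) -> bytes:
    """Stand-in for any keyed output an observer sees on the wire."""
    return hmac.new(key, message, hashlib.sha256).digest()


def search_key(message: bytes, observed: bytes):
    """Enumerate the constrained set; return the matching key or None."""
    for seed in range(2 ** SEED_BITS):
        key = expand(seed)
        if hmac.compare_digest(tag(key, message), observed):
            return key
    return None


def duplicate_keys(keygen, samples: int) -> int:
    """Audit check: repeated keys across sessions reveal a small key set."""
    keys = [keygen() for _ in range(samples)]
    return samples - len(set(keys))
```

The effective strength of the constrained generator is 16 bits regardless of the 256-bit key length, and about 2^8 sampled sessions already make a repeated key likely, whereas the honest generator should never repeat.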