Can Skype be wiretapped by the authorities?

[Bill Stewart]

At 05:01 AM 4/29/2004, Enzo Michelangeli wrote:
> > Can Skype be wiretapped by the authorities? With collaboration of the
> > Skype operator? Without?
>
>What do you mean with "operator"? AFAIK, the system is fully peer-to-peer
>(http://www.skype.com/skype_p2pexplained.html ).
>....
>BUT, unfortunately, the implementation is closed source, so there are no
>guarantees that the software is not GAKked.

Also no guarantee that it's not implemented sufficiently incompetently
that the Authorities can't crack it if they want.  Somebody else's message
confirmed that there's a competence problem, though there may not be exploits.


...
>Not only that: NATted agents cannot be "called" unless they first register
>with some reflector on the open Internet. And centralized reflectors are,
>again, easy to attack, and also expensive to operate, as the bandwidth
>requirements are substantial (all the traffic flows through them): see
>e.g. John Walker's analysis of the reasons that led him to abandon
>SpeakFreely at http://www.fourmilab.ch/speakfree/ .

Skype uses a supernode structure to implement reflector service,
so it doesn't have the same centralization problems.
They don't document it well enough to know if it's possible to
wiretap a message by using a corrupt supernode as MITM, but perhaps.

It's frustrating that they use proprietary protocols for everything.
Their audio codec, however, is developed by a reputable company
(brain spacing out on their name, but I'd seen them before.)
Most of that company's codec designs are intended for boring
telephony-style 4khz mono audio, 64kbps uncompressed,
something small compressed, with really good loss/noise resistence,
rather than doing 7kHz or 11kHz audio or stereo sound,
but I don't know which codecs they've chosen.





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com