Simson Garfinkel analyses Skype - Open Society Institute

Adam Shostack adam at homeport.org
Tue Jan 11 10:48:12 EST 2005


On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| In article <41E07994.5060004 at systemics.com> you write:
| >Voice Over Internet Protocol and Skype Security
| >Simson L. Garfinkel
| >http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
| 
| >Is Skype secure?
| 
| The answer appears to be, "no one knows".  The report accurately reports
| that because the security mechanisms in Skype are secret, it is impossible
| to analyze meaningfully its security.  Most of the discussion of the
| potential risks and questions seems quite good to me.
| 
| But in one or two places the report says things like "A conversation on
| Skype is vastly more private than a traditional analog or ISDN telephone"
| and "Skype is more secure than today's VoIP systems".  I don't see any
| basis for statements like this.  Unfortunately, I guess these sorts of
| statements have to be viewed as blind guesswork.  Those claims probably
| should have been omitted from the report, in my opinion -- there is
| really no evidence either way.  Fortunately, these statements are the
| exception and only appear in one or two places in the report.

The basis for these statements is what the other systems don't do.  My
Vonage VOIP phone has exactly zero security.  It uses the SIP-TLS
port, without encryption.  It doesn't encrypt anything.  So, its easy
to be more secure than that.  So, while it may be bad cryptography, it
is still better than the alternatives.  Unfortunately.

Adam


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list