Simson Garfinkel analyses Skype - Open Society Institute
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Jan 11 11:00:29 EST 2005
David Wagner <daw at cs.berkeley.edu> writes:
>>Is Skype secure?
>
>The answer appears to be, "no one knows".
There have been other posts about this in the past, even though they use known
algorithms the way they use them is completely homebrew and horribly insecure:
Raw, unpadded RSA, no message authentication, no key verification, no replay
protection, etc etc etc. It's pretty much a textbook example of the problems
covered in the writeup I did on security issues in homebrew VPNs last year.
(Having said that, the P2P portion of Skype is quite nice, it's just the
security area that's lacking. Since the developers are P2P people, that's
somewhat understandable).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list