[smb at cs.columbia.edu: Skype security evaluation]
Jack Lloyd
lloyd at randombit.net
Wed Oct 26 11:37:49 EDT 2005
On Wed, Oct 26, 2005 at 07:47:22AM -0700, Dirk-Willem van Gulik wrote:
> On Mon, 24 Oct 2005, cyphrpunk wrote:
>
> > Is it possible that Skype doesn't use RSA encryption? Or if they do,
> > do they do it without using any padding, and is that safe?
>
> You may want to read the report itself:
>
> http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
>
> and perhaps section 3.2.3 (about padding) and 3.2.2 (about how RSA is
> used) may help with this (and what it is used for in section 2).
I just reread those sections and I still don't see anything about RSA
encryption padding either. 3.2.2 just has some useless factoids about the RSA
implementation (but neglects to mention important implementation points, like
if blinding is used, or if signatures are verified before being
released). 3.2.3 describes the signature padding, but makes no mention of the
encryption padding, or even that a padding method is used for encryption.
Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list