Phil Zimmerman and voice encryption; a Skype problem?
Paul Hoffman
paul.hoffman at vpnc.org
Mon May 22 11:18:31 EDT 2006
At 10:19 AM -0400 5/22/06, Steven M. Bellovin wrote:
>There's an article in today's NY Times (for subscribers, it's at
>http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=1&oref=slogin )
>on whether Phil Zimmerman's Zfone -- an encrypted VoIP package -- will
>invite government scrutiny. There doesn't seem to be any imminent threat
>in the U.S.; the one concrete example mentioned -- the British plan to
>give police the power to compel individuals to disclose keys -- doesn't
>threaten Zfone, because it uses Diffie-Hellman for (among other things)
>perfect forward secrecy and doesn't even have any long-term keys. (See
>draft-zimmermann-avt-zrtp-01.txt for protocol details.)
>
>The fascinating thing, though, was this sentence near the end of the
>article:
>
> But at a conference last week in Cyprus, German officials said
> they had technology for intercepting and decrypting Skype phone
> calls, according to Anthony M. Rutkowski, vice president for
> regulatory affairs and standards for VeriSign, a company that
> offers security for Internet and phone operations.
>
>The Berson report says that Skype uses AES-256. NSA rates that as
>suitable for Top Secret traffic, so it's presumably not the cipher.
>Berson analyzed a number of other possible attack scenarios; the only one
>that seems to be possible is an active attack plus forged certificates.
>If Berson's analysis was correct -- and we all know how hard it is to
>verify cryptographic protocols -- that leaves open the possibility of a
>protocol change that implemented some sort of Clipper-like functionality.
Please don't forget that the VeriSign spokesperson may be mistaken,
or purposely lying (possibly in order to drum up business for the
company). Neither would be a first for VeriSign.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list