David Wagner <daw@cs.berkeley.edu> writes:
Is Skype secure?
The answer appears to be, "no one knows".
There have been other posts about this in the past, even though they use known algorithms the way they use them is completely homebrew and horribly insecure: Raw, unpadded RSA, no message authentication, no key verification, no replay protection, etc etc etc. It's pretty much a textbook example of the problems covered in the writeup I did on security issues in homebrew VPNs last year. (Having said that, the P2P portion of Skype is quite nice, it's just the security area that's lacking. Since the developers are P2P people, that's somewhat understandable). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]