
On 3/21/06, Eugen Leitl <eugen@leitl.org> wrote:
it's interesting to note that this clearly allows for a MITM as required by legal authorities (Skype mentioned fully cooperating with authorities as required - how often do they do this?). the client authentication uses public keys signed by the Skype Authority; presumably any key they sign as being "User Alice", even if belonging to "User Eve", will be accepted by the client. with no visibility in client certs at the UI level i don't see how this can be avoided. note that this is really just useful for inter-skype calls as CALEA/traditional taps can take place once a skype call hits POTS.

one of the slides mentions: "You are the certification authority - You can intercept and decrypt session keys". if this means that client private keys are also handed to the skype authority then eavesdropping is trivial (and no longer requires active MITM). however, this tidbit is listed under "Skype Voice Interception - Feasibility of a man in the middle attack" so i'm not sure if they are talking about a passive eavesdrop or an active MITM with regards to the cert authority intervention.

other interesting bits:

they use a 2^32 strength key for RC4 obfuscation of data payloads. all this encryption is purely done to obfuscate protocol. (the binary obfuscation is impressive as well; i fucking hate that shit though :)

blocking skype with one rule:

    iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP

approximately 20,000 super nodes exist. heap exploits for biggest botnet ever? :P~
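
Added example, not part of the original post: a Python re-implementation of the checks the iptables rule above performs, run over constructed packets, to show which bytes the rule actually tests. It assumes u32 offsets count from the start of the IPv4 header and that the length match compares the IPv4 total length; with a 20-byte IP header the tested bytes are UDP payload bytes 2 and 3..6. The names `rule_matches` and `build_packet` are made up for this example.

```python
import struct

def u32(pkt: bytes, off: int) -> int:
    # u32 reads a 4-byte big-endian word at `off`, counted from the IP header start.
    return struct.unpack_from("!I", pkt, off)[0]

def rule_matches(pkt: bytes) -> bool:
    """True if the raw IPv4 packet `pkt` would hit the DROP rule quoted in the post."""
    if len(pkt) < 35 or pkt[0] >> 4 != 4:
        return False                       # too short for the u32 reads, or not IPv4
    if pkt[9] != 17:                       # -p udp
        return False
    if struct.unpack_from("!H", pkt, 2)[0] != 39:
        return False                       # --length 39 (assumed: IPv4 total length)
    # '27&0x8f=7': the word at 27..30 masked with 0x8f leaves only bits of byte 30.
    # '31=0x527c4833': the word at 31..34 must equal this constant.
    return (u32(pkt, 27) & 0x8F) == 7 and u32(pkt, 31) == 0x527C4833

def build_packet(payload: bytes) -> bytes:
    """Constructed IPv4+UDP packet: 20-byte IP header, checksums left at zero."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    udp = struct.pack("!HHHH", 40000, 40001, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed 11-byte UDP payloads (39 = 20 IP + 8 UDP + 11 payload).
SAMPLES = {
    "hit":        bytes.fromhex("aabb37527c4833") + bytes(4),  # 0x37 & 0x8f == 0x07
    "wrong_bits": bytes.fromhex("aabb87527c4833") + bytes(4),  # 0x87 & 0x8f == 0x87
    "wrong_word": bytes.fromhex("aabb37527c4834") + bytes(4),  # constant differs
    "too_long":   bytes.fromhex("aabb37527c4833") + bytes(5),  # total length 40
}

def classify_samples() -> dict:
    """Run the rule over every constructed sample and report which would be dropped."""
    return {name: rule_matches(build_packet(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, dropped in classify_samples().items():
        print(f"{name:10s} -> {'DROP' if dropped else 'pass'}")
```

Because the u32 offsets are fixed from the start of the IP header, a packet carrying IP options would shift the UDP payload and the same offsets would test different bytes.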