[smb at cs.columbia.edu: Skype security evaluation]

[cyphrpunk]

On 11/4/05, Morlock Elloi <morlockelloi at yahoo.com> wrote:
> What is the threat model? Even ROT-13 would thwart casual listening on or data
> harvesting. If you to be secure then you use voice over IPSec, PGPhone or any
> of dozens of other solutions.
>
> The idea that a commercial carrier can or should provide NSA-proof security
> boggles the mind. Nice masturbatory material though.

It's not too much to ask that Skype provide real security. It's no
harder to do that than to offer fake security.

And more to the point, this so-called security review should have been
able to pinpoint these security weaknesses rather than running test
vectors against its algorithms. (Granted, the review did in fact
identify several weaknesses, but it appears to have glossed over
others.)

CP