[Clips] Skype Use May Make Eavesdropping Passe
coderman
coderman at gmail.com
Thu Feb 16 15:22:03 PST 2006
On 2/16/06, R. A. Hettinga <rah at shipwright.com> wrote:
> ... the fastest-growing technology for Internet calls appears to
> have the potential to make eavesdropping a thing of the past.
> ...
> Luxembourg-based Skype
> ...
> Skype keys are 256 bits long - twice as
> long as the 128-bit keys used to send credit card numbers over the
> Internet. The security is much more than doubled - in theory, Skype's
> 256-bit keys would take trillions of times longer to crack than 128-bit
> keys, which are themselves regarded as practically impossible to break by
> current means.
> ...
> Security experts are not completely convinced that Skype is as secure as it
> seems, because the company hasn't made its technology open to review. In
> the cryptographic community, opening software blueprints to outsiders who
> can point out errors is considered to be the safest way to go. Because of
> the complex mathematics involved, a properly designed cryptographic system
> can be unbreakable even if its method is known to outsiders.
> ...
> Kurt Sauer, Skype's chief security officer, ... said Skype "cooperates fully with
> all lawful requests from
> relevant authorities." He would not give particulars on the type of support
> provided.
> ...
> "What you and I are saying is much less important than the fact that you
> and I are talking," Schneier says. "Against traffic analysis, encryption is
> irrelevant."
yeah, better than nothing, but how far do you trust a faceless corp
peddling closed source warez? (same goes for Google, etc. the recent
announcement to make zPhone open source is a big win IMHO)
i'd love to see a high order analysis of these 256bit nonces used for
keying skype. use of entropy on windoze has traditionally been pretty
poor.
my favorite example to date: http://lcamtuf.coredump.cx/newtcp/ -
"Strange Attractors and TCP/IP Sequence Number Analysis"
p.s. speaking of google, can we all agree they are well on the path
of evil? logging all chats? multiple computer search? glad i only
use gmail for public comms...
More information about the cypherpunks-legacy
mailing list