[16709] in cryptography@c2.net mail archive


Re: Simson Garfinkel analyses Skype - Open Society Institute

daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Wed Jan 26 19:16:53 2005

X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
Date: Tue, 11 Jan 2005 23:48:47 -0800

----- Original Message ----- 
From: "David Wagner" <daw@cs.berkeley.edu>
Subject: Simson Garfinkel analyses Skype - Open Society Institute


> In article <41E07994.5060004@systemics.com> you write:
>>Is Skype secure?
>
> The answer appears to be, "no one knows".  The report accurately reports
> that because the security mechanisms in Skype are secret, it is impossible
> to analyze meaningfully its security.

Actually that is not entirely true. While Skype has been getting more than 
its fair share of publicity lately surrounding its security the truth is 
that shortly after its first release I personally had a discussion in their 
forums (should still be there if you find something by holomntn that's the 
correct one, I haven't discussed anything since). In that discussion it was 
shown that they clearly did not have a solid grasp on security, nor 
apparently had any one of them read the SIP specification. During that 
conversation, and some future private ones, it has been revealed to me that 
Skype's security is questionable at best, and that they are in fact 
basically relying on security through obscurity. It is likely that this will 
work for quite some time simply because most IM conversations, and most 
phone conversations for that matter are simply not worth listening to.

With that said, in their favor they do have substantial qualities. Because 
they effectively form a routed network an intermediate eavesdropping attempt 
will have to sort through a substantial amount of undesired traffic (see 
Rivest on Wheat and Chaff for explanation of the security offered), this is 
possible because although there are security holes, the end stream is 
difficult to determine from random (AES/CBC). This creates a substantial 
boost in the amount of effort required to acquire a stream of significance 
unless the endpoints are known. The other big thing in their favor is that 
apparently very few people want to be bothered by analysing the security, 
basically if no one is looking it is secure. Additionally, in version 1.1 
Skype appears to have begun providing a moving target for a break, between 
version 1.0 and 1.1 Skype performed some changes to the protocol, while I do 
not know the exact nature of these, even a simple investigation of the GUI 
shows some changes (IM someone with a different version you will be 
cautioned about protocol changes even though security is not listed), this 
moving target creates the possibility to generate some security through 
obscurity, and the ability to upgrade the security at a moment's notice.

Working against them. The biggest thing working against them is that a 
growing number of teenagers are using Skype (a significant portion of 
Gunderson High School in San Jose, CA actually uses Skype during class, and 
has been busted by me for it). This poses a substantial risk for common 
hacking to occur. This is something that I am unclear on whether or not 
Skype has prepared. As the general populace begins to use Skype more the 
security question becomes of greater importance (reference the attacks on 
Windows that go on every day).

With all that said it is important to note that I have no access to the 
current Skype protocol and I only briefly had limited access to an early 
one, so my analysis may be substantially off.
                    Joe 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
