Interesting. Of course, with the possible exception of Skype, only the over-the-network part of the communication is protected. The IM providers can still give the contents of your communications to third parties.
As far as I can tell after having reverse engineered its protocol, Skype is actually very well made with a few exceptions that would still be next to impossible to exploit for a street hacker (and with only one suspicious thing that looks like a backdoor exploitable only by the server and only by whoever knows the preimages to some hard- coded MD5 values - "it looks like a backdoor, it smells like a backdoor, it gotta be a duck"). Other than that, peer-to-peer AES-256 with randomly generated RSA keys is good enough for me.
As OTR has shown, it's not hard to do end-to-end crypto even if you don't have direct client connectivity. Makes one wonder why the default clients don't have the functionality :)
Way too much hassle for them having to deal with the government agencies demanding access to intercepted communications. It goes for all the products developed by large corporations. The general attitude is "honest people have nothing to hide" aggravated by the encryption export controls and the Wassenaar Arrangement. While Skype was made by Estonians who simply didn't care about any such nonsense. So the cheapest way for the NSA to obtain all the Skype's secret keys giving them at least some access to the servers and traffic obfuscation algorithms was to have a US company pay $4bln for it... Well done!
Marcos el Ruptor http://www.enrupt.com/ - Raising the bar. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
