----- Original Message -----
From: "Axel H Horns" <[EMAIL PROTECTED]>
Subject: Can Skype be wiretapped by the authorities?

> Is something known about the details of the crypto protocol within
> Skype? How reliable is the encryption?

While Skype is generally rather protective of their protocol, there have been leaks; in fact, one leak that I am aware of was to me personally. Unfortunately, I do not have the protocol any more; it just wasn't worth saving.

With that said, the protocol is horribly and completely worthless. They brag about using 1536-2048 bit RSA, but what they don't tell you is that when I saw the protocol the key was directly encrypted without padding. It's also worth noting that when I said "key" that wasn't a typo: there was only one, although it was hashed to create two. There was a complete lack of message authentication, a complete lack of key verification, a complete lack of one-timeness to the transfers, basically a complete lack of security; even their user verification was flawed to the point where it was completely worthless.

Assuming that they have not changed their protocol substantially (likely, considering no one would listen to the individual that leaked it to me, and hence was given the breaks), the protocol is still horribly insecure, and pointlessly complex. The ONLY functional security it has is that it is peer2peer and as such it is harder to eavesdrop.

Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
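
An added illustration, not part of the original message and not a reconstruction of Skype's protocol: why a session key encrypted "directly, without padding" and without message authentication is weak, shown next to RSA-OAEP (SHA-256), which is randomized and rejects modified ciphertexts. The demo key, the 128-bit session key and all function names are assumptions made for this example.

```python
import hashlib, os

# Constructed demo key built from two public Mersenne primes: illustration only, never for real use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K, H = (N.bit_length() + 7) // 8, 32   # modulus length and SHA-256 digest length, in bytes
LHASH = hashlib.sha256(b"").digest()   # OAEP hash of the empty label

def raw_encrypt(key: bytes) -> int:
    # Unpadded ("textbook") RSA: the key bytes are used directly as the plaintext integer.
    return pow(int.from_bytes(key, "big"), E, N)

def raw_decrypt(c: int) -> int:
    return pow(c, D, N)

def tamper(c: int, factor: int) -> int:
    # Models modification in transit; needs only the public key (RSA is multiplicative).
    return c * pow(factor, E, N) % N

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mgf1(seed: bytes, length: int) -> bytes:
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(-(-length // H)))[:length]

def oaep_encrypt(key: bytes) -> int:
    # RSA-OAEP encoding (PKCS #1 v2.2) with an empty label and a fresh random seed.
    db = LHASH + b"\x00" * (K - len(key) - 2 * H - 2) + b"\x01" + key
    seed = os.urandom(H)
    masked_db = xor(db, mgf1(seed, K - H - 1))
    masked_seed = xor(seed, mgf1(masked_db, H))
    return pow(int.from_bytes(b"\x00" + masked_seed + masked_db, "big"), E, N)

def oaep_decrypt(c: int) -> bytes:
    # Checks the encoding and rejects anything malformed (not constant-time; demo only).
    em = pow(c, D, N).to_bytes(K, "big")
    masked_db = em[1 + H:]
    seed = xor(em[1:1 + H], mgf1(masked_db, H))
    db = xor(masked_db, mgf1(seed, K - H - 1))
    sep = db.find(b"\x01", H)
    if em[0] != 0 or db[:H] != LHASH or sep < 0 or any(db[H:sep]):
        raise ValueError("decryption error")
    return db[sep + 1:]

if __name__ == "__main__":
    key = os.urandom(16)  # constructed 128-bit session key
    print("raw is deterministic:", raw_encrypt(key) == raw_encrypt(key))
    print("raw accepts altered key:", raw_decrypt(tamper(raw_encrypt(key), 2)) == 2 * int.from_bytes(key, "big"))
    print("OAEP is randomized:", oaep_encrypt(key) != oaep_encrypt(key))
```

Without padding, the same key always yields the same ciphertext and the receiver silently accepts a predictably altered key; with OAEP the altered ciphertext raises `ValueError` instead of yielding a key.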