At 10:49 PM +0200 4/27/04, Axel H Horns wrote:
Is something known about the details of the crypto protocol within
Skype? How reliable is the encryption?

See e.g.

Can Skype be wiretapped by the authorities? With collaboration of the
Skype operator? Without?

From the Skype FAQ

"Is the source code for Skype available? Can I have a copy?
No. Skype is proprietary and closed-source software."

In a closed source system it is certainly possible for the authors to provide "backdoors" that would allow wiretapping. There are many ways to do this. Perhaps the simplest way is to constrain the random number generator to select values from a limited, searchable set of possibilities. The constraint might be turned on by receipt of a special message.

The backdoor could be included in all copies of the program or just selected copies, particularly if there are provisions for automatic updates. A backdoor could also be delivered as a virus or worm.

If the authorities can gain one-time physical access to one of the computers in the Skype network, all encrypted communication to and from that computer as an end point can be compromised regardless of how well Skype has designed its system (this does not include messages relayed by that computer if Skype has done things right).

This is not to suggest that Skype is a bad product or that all open-source encryption solutions are safe, but a closed-source system is only as trustworthy as its authors.

Arnold Reinhold

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to