I hate arguing by analogy, but: VOIP is a perfectly smooth system. It's lack of security features mean there isn't even a ridge to trip you up as you wiretap. Skype has some ridge. It may turn out that it's very very low, but its there. Even if that's just the addition of an openssl decrypt line to a reconstruct shell script.
In that case, the value of 'better' is vanishingly small, but it will still take an attacker at least 5 minutes to figure that out.
I would contend that a false sense of security is worse than no security at all. Someone's behavior may be different if they are wrongfully assuming that their communications are encrypted by what they believe is strong encryption when if fact it may be "very very low".
--
Mark Allen Earnest Lead Systems Programmer Emerging Technologies The Pennsylvania State University
smime.p7s
Description: S/MIME Cryptographic Signature
