Hi Joe,

On 11/1/09 08:27, Joseph Ashwood wrote:
> Just as well, Skype's solution is only arguably secure, it is based on RC4,
> and my well established opinion is that RC4 should have been retired at
> least 12 years ago, add in that the size of RSA keys they have chosen makes
> the security extremely suspect, all told it is at best a marginal design.

Hmmm, isn't the RC4 used just to do the primary application decryption on the client node? Using a locally known key? I thought this was protection against the local node, not against anyone else.

>> Also, I'm looking for suitable forums/IRC channels to discuss the topic
>> more. Could the people here suggest me some???
>
> Your post to sci.crypt delivered a useful answer, you even replied to it.

I'd appreciate a link to that, always nice to know.

While we are on the subject, here is a page I keep of "known things that I think are good to do" when designing secure protocols.

http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html

Not especially designed to avoid controversy, pamper the sacred cow, avoid the false god, etc et al.

iang

PS: thanks to marc for that link to Skype info, well appreciated!

_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
