----- Original Message ----- From: "Ian G" <[email protected]> Sent: Sunday, January 11, 2009 6:41 AM Subject: Re: [p2p-hackers] Streaming A / V / Text Encryption Methods
> Hi Joe, > > On 11/1/09 08:27, Joseph Ashwood wrote: >> Just as well, Skype's solution is only arguably secure, it is based on >> RC4, >> and my well established opinion is that RC4 should have been retired at >> least 12 years ago, add in that the size of RSA keys they have chosen >> makes >> the security extremely suspect, all told it is at best a marginal design. > > > Hmmm, isn't the RC4 used just to do the primary application decryption > on the client node? Using a locally known key? I thought this was > protection against the local node, not against anyone else. Not entirely sure, never looked too deeply at the Skype security, even only getting to the RSA the key sizes make it marginal. > >>> Also, I'm looking for suitable forums/IRC channels to discuss the topic >>> more. Could the people here suggest me some??? >> >> Your post to sci.crypt delivered a useful answer, you even replied to it. > > > I'd appreciate a link to that, always nice to know. Actually I quoted the entire reply by Paul Rubin, the entire (very brief) conversation might be available at http://groups.google.com/group/sci.crypt/browse_thread/thread/b2f0eb9c84f093c4# Paul Rubin: IPSec supports udp natively, I thought. There is also a version of TLS for UDP. See: http://tools.ietf.org/html/rfc4347 D3||||!$: Yes! Figured that out... DTLS supports UDP as well as DCCP "payload".. But I don't know much about it though... Am already exploring on it - would like more suggestions regarding the "design" aspect of the whole thing... Mark Wooding, replying to Paul Rubin: IPsec (lowercase `s') works at the IP level, either by inserting an additional header between the IP header and the next-layer protocol, or by encapsulating an entire IP packet. It can therefore carry any protocol based on IP, including TCP, UDP, ICMP, and others. Use the `tunnel mode' (which does indeed encapsulate the entire packet); `transport mode' fails to protect the integrity of the outer IP header. Not the deepest conversation ever, but it does give direct answers. As for the applicability for p2p, it really depends on what is meant by p2p. > While we are on the subject, here is a page I keep of "known things that > I think are good to do" when designing secure protocols. > > http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html > > Not especially designed to avoid controversy, pamper the sacred cow, > avoid the false god, etc et al. Those rules have always been great advice. Read them, memorize them, understand them. I've never been one to pamper the sacred cow either, they taste too good after a few hours in the smoker. Joe _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
