"Marcel Popescu" <[EMAIL PROTECTED]> writes:
>> From: [EMAIL PROTECTED] [mailto:owner-
>> [EMAIL PROTECTED] On Behalf Of Peter Gutmann
>
>> I can't understand why they didn't just use TLS for the handshake (maybe
>> YASSL) and IPsec sliding-window + ESP for the transport (there's a free
>> minimal
> Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand, s
- Original Message -
From: "Marcel Popescu" <[EMAIL PROTECTED]>
Subject: RE: [EMAIL PROTECTED]: Skype security evaluation]
From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann
I can't understand why they didn't just use TL
On 10/31/05, Kuehn, Ulrich <[EMAIL PROTECTED]> wrote:
> There are results available on this issue: First, a paper by
> Boneh, Joux, and Nguyen "Why Textbook ElGamal and RSA Encryption
> are Insecure", showing that you can essentially half the number
> of bits in the message, i.e. in this case the s
> From: [EMAIL PROTECTED] [mailto:owner-
> [EMAIL PROTECTED] On Behalf Of Peter Gutmann
> I can't understand why they didn't just use TLS for the handshake (maybe
> YASSL) and IPsec sliding-window + ESP for the transport (there's a free
> minimal implementation of this whose name escapes me for us
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk
> Gesendet: Freitag, 28. Oktober 2005 06:07
> An: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation]
>
&
7 AM
> To: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]
>
> Wasn't there a rumor last year that Skype didn't do any encryption
> padding, it just did a straight exponentiation of the plaintext?
>
> Would that be
Wasn't there a rumor last year that Skype didn't do any encryption
padding, it just did a straight exponentiation of the plaintext?
Would that be safe, if as the report suggests, the data being
encrypted is 128 random bits (and assuming the encryption exponent is
considerably bigger than 3)? Seems
Jack Lloyd <[EMAIL PROTECTED]> writes:
>I just reread those sections and I still don't see anything about RSA
>encryption padding either. 3.2.2 just has some useless factoids about the RSA
>implementation (but neglects to mention important implementation points, like
>if blinding is used, or if si
On Wed, Oct 26, 2005 at 07:47:22AM -0700, Dirk-Willem van Gulik wrote:
> On Mon, 24 Oct 2005, cyphrpunk wrote:
>
> > Is it possible that Skype doesn't use RSA encryption? Or if they do,
> > do they do it without using any padding, and is that safe?
>
> You may want to read the report itself:
>
On Mon, 24 Oct 2005, cyphrpunk wrote:
> Is it possible that Skype doesn't use RSA encryption? Or if they do,
> do they do it without using any padding, and is that safe?
You may want to read the report itself:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
an
On 10/23/05, Travis H. <[EMAIL PROTECTED]> wrote:
> My understanding of the peer-to-peer key agreement protocol (hereafter
> p2pka) is based on section 3.3 and 3.4.2 and is something like this:
>
> A -> B: N_ab
> B -> A: N_ba
> B -> A: Sign{f(N_ab)}_a
> A -> B: Sign{f(N_ba)}_b
> A -> B: Sign{A, K_a
That's a fairly interesting review, and Skype should be commended for
hiring someone to do it. I hope to see more evaluations from vendors
in the future.
However, I have a couple of suggestions.
My understanding of the peer-to-peer key agreement protocol (hereafter
p2pka) is based on section 3.3
On Sun, 23 Oct 2005, Joseph Ashwood wrote:
- Original Message - Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype websi
- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the cover
15 matches
Mail list logo