Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand,
Marcel Popescu [EMAIL PROTECTED] writes:
From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann
I can't understand why they didn't just use TLS for the handshake (maybe
YASSL) and IPsec sliding-window + ESP for the transport (there's a free
minimal
On 10/31/05, Kuehn, Ulrich [EMAIL PROTECTED] wrote:
There are results available on this issue: First, a paper by
Boneh, Joux, and Nguyen Why Textbook ElGamal and RSA Encryption
are Insecure, showing that you can essentially half the number
of bits in the message, i.e. in this case the
From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann
I can't understand why they didn't just use TLS for the handshake (maybe
YASSL) and IPsec sliding-window + ESP for the transport (there's a free
minimal implementation of this whose name escapes me for use by
Jack Lloyd [EMAIL PROTECTED] writes:
I just reread those sections and I still don't see anything about RSA
encryption padding either. 3.2.2 just has some useless factoids about the RSA
implementation (but neglects to mention important implementation points, like
if blinding is used, or if
]; cryptography@metzdowd.com
Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]
Wasn't there a rumor last year that Skype didn't do any encryption
padding, it just did a straight exponentiation of the plaintext?
Would that be safe, if as the report suggests, the data being
encrypted
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk
Gesendet: Freitag, 28. Oktober 2005 06:07
An: [EMAIL PROTECTED]; cryptography@metzdowd.com
Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation]
Wasn't there a rumor last year
On Mon, 24 Oct 2005, cyphrpunk wrote:
Is it possible that Skype doesn't use RSA encryption? Or if they do,
do they do it without using any padding, and is that safe?
You may want to read the report itself:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
and
On Wed, Oct 26, 2005 at 07:47:22AM -0700, Dirk-Willem van Gulik wrote:
On Mon, 24 Oct 2005, cyphrpunk wrote:
Is it possible that Skype doesn't use RSA encryption? Or if they do,
do they do it without using any padding, and is that safe?
You may want to read the report itself:
On 10/23/05, Travis H. [EMAIL PROTECTED] wrote:
My understanding of the peer-to-peer key agreement protocol (hereafter
p2pka) is based on section 3.3 and 3.4.2 and is something like this:
A - B: N_ab
B - A: N_ba
B - A: Sign{f(N_ab)}_a
A - B: Sign{f(N_ba)}_b
A - B: Sign{A, K_a}_SKYPE
B -
On Sun, 23 Oct 2005, Joseph Ashwood wrote:
- Original Message - Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype
That's a fairly interesting review, and Skype should be commended for
hiring someone to do it. I hope to see more evaluations from vendors
in the future.
However, I have a couple of suggestions.
My understanding of the peer-to-peer key agreement protocol (hereafter
p2pka) is based on section
- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the
13 matches
Mail list logo