Re: survey of instant messaging privacy

2008-06-11 Thread alex
[Moderator's note: Please don't send giant run on paragraphs to the
list. They're hard to read. --Perry]

From: Marcos el Ruptor [EMAIL PROTECTED]
> > Interesting.  Of course, with the possible exception of Skype,
> > only the over-the-network part of the communication is
> > protected.  The IM providers can still give the contents of your
> > communications to third parties.
>
> As far as I can tell after having reverse engineered its protocol,
> Skype is actually very well made with a few exceptions that would
> still be next to impossible to exploit for a street hacker (and

A year ago when I took a hard look at the Skype login protocol (via public 
reverse engineering publications, etc.), I determined that the user id to 
public key binding was fundamentally weak.  If I remember correctly they were 
vulnerable to at least one attack, a dictionary attack against a password of a 
user account is possible using the Skype login client-server messages (they 
can't tell you are attacking since the account name and password are hashed 
together in the public key/AES encrypted request and you are using one of the 
well-known 14+ valid Skype public keys).  Their multiple layering of crypto 
obscures things but with software one can automate the building of the login 
request encrypted layers fairly easily.  Once you get a valid user cert from 
the login attack it looks like that account is permanently compromised (I 
didn't see any user cert validity period).  Because of Kerckhoffs's principles 
there is really no way Skype can prevent this attack (basically they are using 
the data channel itself to distribute the user certs (with public & private 
auth keys) to then establish an enciphered phone session over it).  They also 
have at least one back door mechanism in place, which could be used to quickly 
compromise a user password.  They allow a user that forgot their password to 
have it reset and sent to their enrollment email address so that a Tier 1 IDS 
like Narus could easily scoop it up (this requires careful social engineering).
Also, any SSL traffic to a Skype server can be MITM intercepted (say via a 
Bluecoat ProxySG appliance) using an ICA cert from a major CA vendor (or 
internal corporate CA) and any user passwords could be scooped up that way as 
well.

Thus a retail level wiretap attack against a particular user is quite possible.
Having said that, because the 14+ private Skype keys are (only?) stored on 
their servers, it does not look like a wholesale attack against the Skype 
system is easy to do (although they did use MD5 in their login algorithm).  
However, given this centralization of Skype keys, they certainly could 
cooperate with any CALEA warrants, etc., by giving police the user certs to be 
wiretapped (which still requires an active MITM during the setup handshake of 
the encrypted channel between the two user end-points).  Of course, if physical 
theft occurs of the 14+ Skype PKI private keys then the whole security edifice 
will collapse.

- Alex


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: survey of instant messaging privacy

2008-06-10 Thread Marcos el Ruptor
> Interesting.  Of course, with the possible exception of Skype, only
> the over-the-network part of the communication is protected.  The
> IM providers can still give the contents of your communications to
> third parties.


As far as I can tell after having reverse engineered its protocol,  
Skype is actually very well made with a few exceptions that would  
still be next to impossible to exploit for a street hacker (and with  
only one suspicious thing that looks like a backdoor exploitable only  
by the server and only by whoever knows the preimages to some hard- 
coded MD5 values - it looks like a backdoor, it smells like a  
backdoor, it gotta be a duck). Other than that, peer-to-peer AES-256  
with randomly generated RSA keys is good enough for me.


> As OTR has shown, it's not hard to do end-to-end crypto even if you
> don't have direct client connectivity.  Makes one wonder why the
> default clients don't have the functionality :)


Way too much hassle for them having to deal with the government  
agencies demanding access to intercepted communications. It goes for  
all the products developed by large corporations. The general  
attitude is "honest people have nothing to hide" aggravated by the  
encryption export controls and the Wassenaar Arrangement. While Skype  
was made by Estonians who simply didn't care about any such nonsense.  
So the cheapest way for the NSA to obtain all of Skype's secret keys  
giving them at least some access to the servers and traffic  
obfuscation algorithms was to have a US company pay $4bln for it...  
Well done!


Marcos el Ruptor
http://www.enrupt.com/ - Raising the bar.



survey of instant messaging privacy

2008-06-09 Thread Perry E. Metzger

Also from Declan McCullagh today, a full survey of instant message
service security:

http://news.cnet.com/8301-13578_3-9962106-38.html?part=rss&tag=feed&subj=TheIconoclast

-- 
Perry E. Metzger    [EMAIL PROTECTED]



Re: survey of instant messaging privacy

2008-06-09 Thread John Ioannidis

Perry E. Metzger wrote:

> Also from Declan McCullagh today, a full survey of instant message
> service security:
>
> http://news.cnet.com/8301-13578_3-9962106-38.html?part=rss&tag=feed&subj=TheIconoclast



Interesting.  Of course, with the possible exception of Skype, only the 
over-the-network part of the communication is protected.  The IM 
providers can still give the contents of your communications to third 
parties.


As OTR has shown, it's not hard to do end-to-end crypto even if you 
don't have direct client connectivity.  Makes one wonder why the default 
clients don't have the functionality :)


/ji, Pidgin user
