Re: Can Skype be wiretapped by the authorities?

2004-05-25 Thread Enzo Michelangeli
- Original Message - 
From: Bill Stewart [EMAIL PROTECTED]
Sent: Sunday, May 09, 2004 12:44 PM
Subject: Re: Can Skype be wiretapped by the authorities?


[...]
> BUT, unfortunately, the implementation is closed source, so there
> are no guarantees that the software is not GAKked.
>
> Also no guarantee that it's not implemented sufficiently
> incompetently that the Authorities can't crack it if they want.
> Somebody else's message confirmed that there's a competence problem,
> though there may not be exploits.

Or, not exploits we're aware of...

[...]
> Skype uses a supernode structure to implement reflector service,
> so it doesn't have the same centralization problems.

Right, that's precisely my point. Skype is showing us the way to go,
although the security of the product may not be good enough (and being
closed source, it's automatically untrusted).

> They don't document it well enough to know if it's possible to
> wiretap a message by using a corrupt supernode as MITM, but perhaps.
> It's frustrating that they use proprietary protocols for everything.

That's understandable considering their business model. But I see Skype as
a proof of feasibility for the real thing: an opensource application
built on sound bases.

> Their audio codec, however, is developed by a reputable company
> (brain spacing out on their name, but I'd seen them before.)

I've read that Skype uses an iLBC codec implemented by Global IP Sound.
There is also an opensource implementation of it (www.ilbcfreeware.org),
although its license contains weaselspeak clauses that I don't like very
much: http://www.globalipsound.com/legal/licenses.php .

> Most of that company's codec designs are intended for boring
> telephony-style 4kHz mono audio, 64kbps uncompressed,
> something small compressed, with really good loss/noise resistance,
> rather than doing 7kHz or 11kHz audio or stereo sound,
> but I don't know which codecs they've chosen.

From what I've seen, Speex (www.speex.org) would represent a better
choice, and is totally unencumbered.

I believe that we are finally close to the point where all the bits and
pieces for a secure, multiplatform, decentralized, opensource Internet
phone + text IM are available, and it would only take some coding effort
to put them to work together:

- Codec: Speex (www.speex.org)
- Portable audio interface layer: Portaudio (www.portaudio.com)
- Bulk encryption and authentication: SRTP, now a standard-track protocol
(RFC3711) and with an opensource reference implementation available at
srtp.sourceforge.net .
- Key exchange: authenticated D-H (how to perform the authentication, as I
said, should be discussed: biometric is not viable if only the text chat
feature is used, and multi-party conferencing calls for suitable
extensions to the basic D-H scheme)
- Directory and presence: any good P2P content-addressable scheme.
Preserving some sort of interoperability with file-sharing applications
would solve the bootstrapping problem (hundreds of thousands of nodes are
already up and running), but the most popular networks (eMule, Overnet and
ReverseConnect) are based on Kademlia, which is a Distributed Hash Table
algorithm and therefore doesn't allow sorted access (useful, e.g., to
locate the reflector with the largest available bandwidth). I recently
discovered a few tree-based distributed algorithms which would allow just
that:

P-trees:
http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2004-1926

SkipGraphs: http://www.cs.yale.edu/homes/shah/html/pubs/skip-graphs.html

P-Grid: http://www.p-grid.org

Enzo
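As an added illustration of the "authenticated D-H" item in the list above (this is example code written for this page, not Enzo's design and not Skype's protocol): each side signs a fresh ephemeral X25519 public key with a long-term Ed25519 identity key, the receiver checks that signature against the identity key it already trusts, and the agreed secret is split into separate SRTP-style encryption and authentication keys. The names, the "dh-offer" transcript label and the HMAC-based key split are assumptions made for the example; the open question from the post, how each side comes to trust the other's identity key in the first place, is left as an input (`trustedPeerID`). It assumes Go 1.20 or later for `crypto/ecdh`.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds a long-term Ed25519 identity (the thing that must be trusted
// out of band) and a per-call ephemeral X25519 key (needs no prior trust).
type Party struct {
	Name    string
	idPub   ed25519.PublicKey
	idPriv  ed25519.PrivateKey
	ephPriv *ecdh.PrivateKey
}

// Offer is the one message each side sends: its ephemeral public key,
// signed by its identity key over a labelled transcript.
type Offer struct {
	IdentityPub ed25519.PublicKey
	EphPub      []byte
	Sig         []byte
}

func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{name, pub, priv, eph}, nil
}

// transcript binds the signer's name and the ephemeral key ("dh-offer" is a
// constructed label for this example).
func transcript(name string, ephPub []byte) []byte {
	return append([]byte("dh-offer:"+name+":"), ephPub...)
}

func (p *Party) MakeOffer() Offer {
	ephPub := p.ephPriv.PublicKey().Bytes()
	return Offer{p.idPub, ephPub, ed25519.Sign(p.idPriv, transcript(p.Name, ephPub))}
}

func hmacSHA256(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// concatSorted orders the two public values so both sides derive the same salt.
func concatSorted(a, b []byte) []byte {
	if bytes.Compare(a, b) > 0 {
		a, b = b, a
	}
	return append(append([]byte{}, a...), b...)
}

// Accept checks the offer against the identity key the caller already trusts
// for peerName, then runs ECDH and splits the secret into two independent keys.
func (p *Party) Accept(peerName string, trustedPeerID ed25519.PublicKey, o Offer) (encKey, macKey []byte, err error) {
	if !trustedPeerID.Equal(o.IdentityPub) {
		return nil, nil, errors.New("offer signed by an identity we do not trust as " + peerName)
	}
	if !ed25519.Verify(o.IdentityPub, transcript(peerName, o.EphPub), o.Sig) {
		return nil, nil, errors.New("signature does not cover this ephemeral key")
	}
	peerEph, err := ecdh.X25519().NewPublicKey(o.EphPub)
	if err != nil {
		return nil, nil, err
	}
	shared, err := p.ephPriv.ECDH(peerEph)
	if err != nil {
		return nil, nil, err
	}
	prk := hmacSHA256(concatSorted(p.ephPriv.PublicKey().Bytes(), o.EphPub), shared)
	encKey = hmacSHA256(prk, []byte("srtp-master-key"))[:16] // AES-128 sized
	macKey = hmacSHA256(prk, []byte("srtp-auth-key"))
	return encKey, macKey, nil
}

// Demo sets up a call between Alice and Bob, then checks that an offer with a
// swapped ephemeral key and an offer from an untrusted identity are both refused.
func Demo() (keysMatch, substitutionsRejected bool, err error) {
	alice, err := NewParty("alice")
	if err != nil {
		return
	}
	bob, err := NewParty("bob")
	if err != nil {
		return
	}
	other, err := NewParty("other")
	if err != nil {
		return
	}
	// Identity keys are assumed to have been exchanged out of band beforehand.
	aEnc, aMac, err := alice.Accept("bob", bob.idPub, bob.MakeOffer())
	if err != nil {
		return
	}
	bEnc, bMac, err := bob.Accept("alice", alice.idPub, alice.MakeOffer())
	if err != nil {
		return
	}
	keysMatch = bytes.Equal(aEnc, bEnc) && bytes.Equal(aMac, bMac)
	swapped := bob.MakeOffer()
	swapped.EphPub = other.ephPriv.PublicKey().Bytes() // no longer covered by Bob's signature
	_, _, err1 := alice.Accept("bob", bob.idPub, swapped)
	_, _, err2 := alice.Accept("bob", bob.idPub, other.MakeOffer()) // wrong identity key
	substitutionsRejected = err1 != nil && err2 != nil
	return keysMatch, substitutionsRejected, nil
}

func main() {
	match, rejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("keys agree:", match, "| bad offers rejected:", rejected)
}
```

Two-party only: the multi-party case the post mentions would need a group extension of this exchange, which the example does not attempt.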

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Can Skype be wiretapped by the authorities?

2004-05-08 Thread Joseph Ashwood
- Original Message - 
From: Axel H Horns [EMAIL PROTECTED]
Subject: Can Skype be wiretapped by the authorities?


> Is something known about the details of the crypto protocol within
> Skype? How reliable is the encryption?

While Skype is generally rather protective of their protocol, there have
been leaks; in fact one leak that I am aware of was to me personally.
Unfortunately I do not have the protocol any more, it just wasn't worth
saving. With that said, the protocol is horribly and completely worthless.
They brag about using 1536-2048 bit RSA, but what they don't tell you is
that when I saw the protocol the key was directly encrypted without padding.
It's also worth noting that when I said key that wasn't a typo: there was
only one, although it was hashed to create two. There was a complete lack of
message authentication, a complete lack of key verification, a complete lack
of one-timeness to the transfers, basically a complete lack of security;
even their user verification was flawed to the point where it was completely
worthless. Assuming that they have not changed their protocol substantially
(likely, considering no one would listen to the individual that leaked it to
me, and hence was given the breaks), the protocol is still horribly insecure,
and pointlessly complex. The ONLY functional security it has is that it is
peer2peer and as such it is harder to eavesdrop.
Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
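The three defects Joe lists (a key encrypted under RSA with no padding, no message authentication, no one-timeness) map onto concrete constructions. As an added example, not Joe's or Skype's code and not a reconstruction of the leaked protocol: the block below shows that unpadded ("textbook") RSA of a session key is deterministic, so the same key always produces the same ciphertext, whereas RSA-OAEP from Go's standard library is randomised; it then derives separate encryption and authentication keys from one secret with labelled HMACs and tags each packet with a sequence number so a stored packet cannot be accepted again. The session key bytes and the HMAC labels are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// sessionKey is a constructed 16-byte key standing in for the single
// transport key the post describes being sent under RSA.
var sessionKey = []byte("constructed-key!")

// rawRSA is textbook RSA, c = m^e mod n, with no padding. It is shown only
// as the pattern being criticised: encrypting the same key twice gives the
// same ciphertext, and the recipient learns nothing about who sent it.
func rawRSA(pub *rsa.PublicKey, m []byte) []byte {
	c := new(big.Int).Exp(new(big.Int).SetBytes(m), big.NewInt(int64(pub.E)), pub.N)
	return c.Bytes()
}

// oaepRSA is the padded, randomised encryption a transport key should use.
func oaepRSA(pub *rsa.PublicKey, m []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, []byte("session-key"))
}

// Compare encrypts the same key twice under each scheme with a fresh RSA key
// and reports whether the two ciphertexts came out identical.
func Compare(bits int) (rawSame, oaepSame bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return false, false, err
	}
	pub := &priv.PublicKey
	rawSame = bytes.Equal(rawRSA(pub, sessionKey), rawRSA(pub, sessionKey))
	c1, err := oaepRSA(pub, sessionKey)
	if err != nil {
		return false, false, err
	}
	c2, err := oaepRSA(pub, sessionKey)
	if err != nil {
		return false, false, err
	}
	return rawSame, bytes.Equal(c1, c2), nil
}

func hmacSHA256(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// DeriveKeys splits one shared secret into an encryption key and an
// independent authentication key using distinct labels.
func DeriveKeys(secret []byte) (encKey, macKey []byte) {
	return hmacSHA256(secret, []byte("enc")), hmacSHA256(secret, []byte("mac"))
}

// Tag authenticates a payload together with its sequence number, so a
// captured packet is rejected if presented again at another position.
func Tag(macKey []byte, seq uint32, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(buf, seq)
	return hmacSHA256(macKey, append(buf, payload...))
}

// Verify compares tags in constant time.
func Verify(macKey, tag []byte, seq uint32, payload []byte) bool {
	return hmac.Equal(tag, Tag(macKey, seq, payload))
}

func main() {
	rawSame, oaepSame, err := Compare(2048)
	if err != nil {
		panic(err)
	}
	fmt.Printf("raw RSA repeats ciphertext: %v, OAEP repeats ciphertext: %v\n", rawSame, oaepSame)
	enc, mac := DeriveKeys(sessionKey)
	fmt.Printf("enc key %x..., mac key %x...\n", enc[:4], mac[:4])
	tag := Tag(mac, 1, []byte("hello"))
	fmt.Println("seq 1 verifies:", Verify(mac, tag, 1, []byte("hello")),
		"| same tag at seq 2:", Verify(mac, tag, 2, []byte("hello")))
}
```

The sequence number is the minimum needed to give each packet the "one-timeness" the post says was absent; a real transport such as SRTP also carries it in the packet and keeps a replay window on the receiving side.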
