[p2p-hackers] Re: Simson Garfinkel analyses Skype - Open Society Institute (fwd from pgut001@cs.auckland.ac.nz)

Eugen Leitl eugen at leitl.org
Thu Jan 27 14:10:35 UTC 2005


(followup on Simson's paper on Skype security, or, rather, its crypto snake
oil content)

----- Forwarded message from Peter Gutmann <pgut001 at cs.auckland.ac.nz> -----

From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 12 Jan 2005 05:00:29 +1300
To: daw-usenet at taverner.CS.Berkeley.EDU
Cc: cryptography at metzdowd.com
Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute

David Wagner <daw at cs.berkeley.edu> writes:

>>Is Skype secure?
>
>The answer appears to be, "no one knows".  

There have been other posts about this in the past.  Even though they use known
algorithms, the way they use them is completely homebrew and horribly insecure:
Raw, unpadded RSA, no message authentication, no key verification, no replay
protection, etc etc etc.  It's pretty much a textbook example of the problems
covered in the writeup I did on security issues in homebrew VPNs last year.

(Having said that, the P2P portion of Skype is quite nice, it's just the
 security area that's lacking.  Since the developers are P2P people, that's
 somewhat understandable).

Peter.


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
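
Added example, not part of the original thread and not Skype's code: a Python sketch of why "raw, unpadded RSA" with "no message authentication" is a problem, and what an integrity check over the ciphertext changes. The toy key, the sample value 100, the shared MAC key and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def raw_encrypt(m: int) -> int:
    """Textbook RSA: no padding, no randomness."""
    return pow(m, E, N)

def raw_decrypt(c: int) -> int:
    return pow(c, D, N)

def _tag(c: int, mac_key: bytes) -> bytes:
    return hmac.new(mac_key, c.to_bytes(16, "big"), hashlib.sha256).digest()

def seal(m: int, mac_key: bytes):
    """Encrypt, then MAC the ciphertext. mac_key is an assumed shared secret."""
    c = raw_encrypt(m)
    return c, _tag(c, mac_key)

def open_sealed(c: int, tag: bytes, mac_key: bytes):
    """Return the plaintext, or None if the ciphertext was altered in transit."""
    if not hmac.compare_digest(tag, _tag(c, mac_key)):
        return None
    return raw_decrypt(c)

def demo() -> dict:
    m = 100  # constructed sample value
    c = raw_encrypt(m)
    # Multiplying two ciphertexts multiplies the plaintexts; no key is needed.
    altered = (c * raw_encrypt(2)) % N
    key = b"constructed-demo-mac-key"
    sealed_c, tag = seal(m, key)
    return {
        "same_ciphertext_twice": raw_encrypt(m) == c,   # deterministic
        "raw_accepts_altered": raw_decrypt(altered),    # silently a different value
        "mac_accepts_original": open_sealed(sealed_c, tag, key),
        "mac_accepts_altered": open_sealed(altered, tag, key),
    }

if __name__ == "__main__":
    print(demo())
```

The tag only supplies the missing message authentication; the ciphertext is still deterministic, which is what randomized padding such as RSA-OAEP addresses.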