Interesting People mailing list archives
more on Skype security evaluation
From: David Farber <dave () farber net>
Date: Tue, 25 Oct 2005 13:03:55 -0400
Begin forwarded message: From: Laurent GUERBY <laurent () guerby net> Date: October 25, 2005 9:45:20 AM EDT To: dave () farber net Cc: Ip Ip <ip () v2 listbox com> Subject: Re: [IP] more on Skype security evaluation
From: Lauren Weinstein <lauren () vortex com> [...] Naturally, the code is expected to continue its evolution. But the intractable problem with proprietary crypto systems is that even if we know what they are doing today, we don't necessarily have any way to figure out what they're doing tomorrow, either in terms of accidental or purposeful weaknesses. [...]
No need for new versions: the build process used for Skype real release could compile sources other than the audited sources, the audit could have missed a hidden "thread" in some obscured source part getting the user secret key / passphrase while it's still in memory and shipping it somewhere (or storing it for later uses - obviously not having observed odd behaviour now does not mean there is no possible activation of odd behaviour), etc... Proprietary software vendors will never ever be able to reach security and trust levels offered to users by true open source sofware where anyone can see the code and build his own binary with his own compiler setup (yes I read "Reflections on Trusting Trust" :) or use one from the most trusted amongst open source packaging companies competing on ... trust. Laurent PS: gnomemeeting over openvpn does work for me. ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Skype security evaluation David Farber (Oct 25)