Security Basics mailing list archives
Re: Encrypted traffic dropped?
From: Alexander Klimov <alserkli () inbox ru>
Date: Sun, 21 May 2006 13:32:17 +0300 (IDT)
On Thu, 18 May 2006 barcajax () gmail com wrote:
> I have recently installed SimpLite-MSN software (http://www.secway.fr/us/products/simplite_msn/) to encrypt my IM messages.
First of all, it is not very smart to use non-open-source software for real security. There is an infinite number of ways in which RSA and AES can be used to create an insecure protocol. Apparently, there is no specification of the protocol they use...
> For this software to work, it requires both the sender and the recipient to have this software installed and running during the IM session. SimpLite behaves as a proxy, so MSN Messenger talks to SimpLite locally and SimpLite will exchange traffic with the MSN network.
It is not clear: do they use the messenger protocol with encryption of the messages, or do they use their own protocol and convert messages to the messenger protocol locally?
> Seems that his ISP is able to recognise that the packets that are being exchanged are encrypted and dropped accordingly because he is able to resume using MSN Messenger only after turning off SimpLite. Is my hypothesis correct? If yes, would anyone hazard a guess how the ISP is doing so?
Since it is quite unlikely that the ISP checks whether messages are plain text or cipher text, I guess that they use their own protocol, and this protocol or (more likely) the ports it uses are blocked.

It is possible to distinguish plain text from cipher text using entropy estimates: cipher text looks like a stream of random numbers and is not compressible, but plain text is easily compressible. The ISP can just calculate the compression ratio of a message and act accordingly. (Of course, this strategy can be easily neutralized by using steganographic techniques.)

--
Regards,
ASK
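The compression-ratio and entropy check described in the message above, as an added example that is not part of the original post. The function names, the 0.9 ratio threshold, the 256-byte minimum sample size, the constructed chat text and the SHA-256 keystream used as a stand-in for cipher output are all assumptions made for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; about 1.0 means incompressible."""
    if not data:
        return 1.0
    return len(zlib.compress(data, 9)) / len(data)


def looks_encrypted(data: bytes, max_ratio: float = 0.9, min_len: int = 256) -> Optional[bool]:
    """None when the sample is too short to judge (thresholds are assumed)."""
    if len(data) < min_len:
        return None  # short messages carry too little data for a stable estimate
    return compression_ratio(data) > max_ratio


def pseudo_ciphertext(plain: bytes, key: bytes = b"constructed-key") -> bytes:
    """Stand-in for cipher output: XOR with a SHA-256 counter keystream."""
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        for i in range(len(plain) // 32 + 1)
    )
    return bytes(p ^ s for p, s in zip(plain, stream))


# Constructed sample: a chat-like plain-text conversation and its "encrypted" form.
PLAIN = b"".join(
    b"hey, are you still coming to the meeting at %d? let me know, thanks\n" % h
    for h in range(1, 33)
)
CIPHER = pseudo_ciphertext(PLAIN)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("cipher", CIPHER), ("short", CIPHER[:40])):
        print(f"{name:7s} len={len(blob):5d} H={shannon_entropy(blob):.2f} "
              f"ratio={compression_ratio(blob):.2f} encrypted={looks_encrypted(blob)}")
```

The short-sample case returns no verdict because a 40-byte message cannot show more than about 5.3 bits per byte of empirical entropy, whatever its content.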