Security Basics mailing list archives

Re: Encrypted traffic dropped?


From: Alexander Klimov <alserkli () inbox ru>
Date: Sun, 21 May 2006 13:32:17 +0300 (IDT)

On Thu, 18 May 2006 barcajax () gmail com wrote:

> I have recently installed SimpLite-MSN software
> (http://www.secway.fr/us/products/simplite_msn/) to encrypt my IM
> messages.

First of all, it is not very smart to use non-open-source software
for real security.

There is an infinite number of ways in which RSA and AES can be used to
create an insecure protocol.  Apparently, there is no specification of
the protocol they use...

> For this software to work, it requires both the sender and
> recipient to have this software installed and running during
> the IM session. SimpLite behaves as a proxy so MSN Messenger talks
> to SimpLite locally and SimpLite will exchange traffic with the MSN
> network.

It is not clear: do they use the messenger protocol with encryption
of the messages, or do they use their own protocol and convert messages
to the messenger protocol locally?

> Seems that his ISP is able to recognise that the packets that are
> being exchanged are encrypted and dropped accordingly because he is
> able to resume using MSN Messenger only after turning off SimpLite.
> Is my hypothesis correct? If yes, would anyone hazard a guess how
> the ISP is doing so?

Since it is quite unlikely that the ISP checks whether messages are
plain text or cipher text, I guess that they use their own protocol, and
this protocol or (more likely) the ports it uses are blocked.

It is possible to distinguish plain text from cipher text using
entropy estimates: cipher text looks like a stream of random numbers
and is not compressible, but plain text is easily compressible. An ISP
can just calculate the compression ratio of a message and act
accordingly. (Of course, this strategy can be easily neutralized by
using steganographic techniques.)

-- 
Regards,
ASK
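
The compression-ratio test described in the message above, as an added Python example that is not part of the original post. It also measures per-byte entropy and goes slightly beyond the post by showing two cases where the estimate is unreliable: a single short message, and cipher-like bytes carried as Base64 text. The sample data, the 256-byte minimum and the 0.9 cutoff are assumptions chosen for illustration.

```python
import base64
import hashlib
import math
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data: bytes) -> float:
    """Compressed size / original size, raw DEFLATE (no zlib header or checksum)."""
    if not data:
        return 1.0
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return len(comp.compress(data) + comp.flush()) / len(data)

def classify(data: bytes, min_len: int = 256, cutoff: float = 0.9) -> str:
    """min_len and cutoff are assumed values for this sketch, not from the post."""
    if len(data) < min_len:
        return "too-short"  # fixed compressor overhead dominates tiny inputs
    return "random-looking" if compression_ratio(data) >= cutoff else "compressible"

def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for cipher text: SHA-256 run in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample chat text (not captured traffic).
PLAIN = (
    b"hey, are you still coming over tonight? we were thinking of ordering "
    b"pizza around eight and then watching the match. let me know if you "
    b"want anything else, and tell your brother he is welcome too. if the "
    b"trains are late again just send me a message and we will wait for you. "
    b"also, can you bring back the book i lent you last month? thanks!"
)

if __name__ == "__main__":
    raw = pseudo_ciphertext(1024)
    samples = {"chat text": PLAIN, "raw cipher-like bytes": raw,
               "same bytes, Base64": base64.b64encode(raw),
               "one short message": b"hi, are you there?"}
    for name, data in samples.items():
        print(f"{name:24} H={shannon_entropy(data):.2f} "
              f"ratio={compression_ratio(data):.2f} -> {classify(data)}")
```

Base64 text carries only 6 bits of information per 8-bit character, so the encoded sample compresses to roughly 0.8 and falls under a cutoff tuned for raw bytes; a classifier of this kind has to account for the transport encoding.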

