Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SKYPE - What's the latest in terms of Risk...

From: Vincent Stoffer <vince () REED EDU>
Date: Fri, 21 Dec 2007 08:27:26 -0800
Here's some details on Skype's security implementation:

http://share.skype.com/sites/security/2005/10/skype_security_and_encryption.html

A clip from the summary:

Skype makes user of a number of cryptographic primitives in order to
achieve its security goals. There is no proprietary encryption in
Skype. The cryptographic primitives used in Skype are: the AES block
cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature
padding scheme, the SHA-1 hash function, and the RC4 stream cipher.


Vince


* Chris Edwards <chris () ENG GLA AC UK> [071221 02:53]:

On Thu, 20 Dec 2007, Mike Corcoran wrote:

| Not True, at least in general.  The new firewall from
| PaloAlto Networks decrypts SSL traffic by doing a
| man-in-the-middle attack, and allows  you to filter
| even on encrypted traffic.  I don't know if there are
| any issues with Skype's SSL implementation, but PaloAlto

Hi,

AFAIK, Skype does not use SSL.  It uses it's own propriatory encryption
system.  Sometimes over TCP port 443.  Not it's not SSL.



--
__   ___ _ __   ___ ___
\ \ / / | '_ \ / __/ _ \   Vincent Stoffer   Network Security Administrator
 \ V /| | | | | (_|  __/   Reed College      Portland, Oregon
  \_/ |_|_| |_|\___\___|   vince () reed edu    503-788-6695
Previous By Date Next
Previous By Thread Next

Current thread: