Re: How to encrypt voice skype calls?

["Fabio Pietrosanti (naif)" <lists () infosecurity ch>]

Arturo 'Buanzo' Busleiman wrote:
> I'm pretty sure an alsa (sorry, no windows here) audio 
> encryption/decryption plugin could be
> written, and have that mic/speak interface be used by skype.

Be careful!

Scrambling != encryption !!!!!

Scrambling it's applied to an analog signal to convert some frequencies.

SIGSALY it's Secure Digital Voice Communications in World War II:
 - http://en.wikipedia.org/wiki/SIGSALY
 - http://www.flickr.com/photos/44165698@N00/2534235949/


If you scramble your voice, staying within the frequencies allowed by 
the narrowband compression codec used by skype you cannot have a full 
digital path on which encipher a data stream with a good encryption 
algorithm (that process bucks of data and not frequencies).

There are no secure scrambling technology.

The only way to secure a voice path is to have a digital path enciphered 
on which you put the compressed voice sample.

But working on the "analog" processing the voice before it's compressed 
it's NOT an option.

For such reason i was wondering how this could be accomplished on a 
Skype based call.

Maybe by enciphered audio samples directly in the memory of skype:

- Hooking into skype to encipher audio samples before they are packed in 
a frame?
- Hooking into skype to encipher audio samples after they are packed in 
a frame?

Or maybe by leveraging the skype transport for the "digital path" and 
using our own encoding/decoding framework:

- Changing some bunch of data (from offset X to offset Y) in the ip 
packets "on the net"? (There's some checksum?)

Are all funky ideas, but i mean, i don't trust skype :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/