Interesting People mailing list archives
Simson Garfinkel analyses Skype - Open Society Institute
From: David Farber <dave () farber net>
Date: Fri, 28 Jan 2005 18:59:54 -0500
------ Forwarded Message From: David Wagner <daw () cs berkeley edu> Date: Thu, 27 Jan 2005 15:22:09 -0800 (PST) To: <cryptography () metzdowd com> Subject: Simson Garfinkel analyses Skype - Open Society Institute Adam Shostack <adam () homeport org> writes:
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | In article <41E07994.5060004 () systemics com> you write: | >Voice Over Internet Protocol and Skype Security | >Is Skype secure? | | The answer appears to be, "no one knows". The report accurately reports | that because the security mechanisms in Skype are secret, it is impossible | to analyze meaningfully its security. Most of the discussion of the | potential risks and questions seems quite good to me. | | But in one or two places the report says things like "A conversation on | Skype is vastly more private than a traditional analog or ISDN telephone" | and "Skype is more secure than today's VoIP systems". I don't see any | basis for statements like this. Unfortunately, I guess these sorts of | statements have to be viewed as blind guesswork. Those claims probably | should have been omitted from the report, in my opinion -- there is | really no evidence either way. Fortunately, these statements are the | exception and only appear in one or two places in the report. The basis for these statements is what the other systems don't do. My Vonage VOIP phone has exactly zero security. It uses the SIP-TLS port, without encryption. It doesn't encrypt anything. So, its easy to be more secure than that. So, while it may be bad cryptography, it is still better than the alternatives. Unfortunately.
I don't buy it. How do you know that Skype is "more secure", let alone "vastly more private"? Maybe Skype is just as insecure as those other systems. For all we know, maybe Skype is doing the moral equivalent of encrypting with the all-zeros key, or using a repeating xor with a many-time pad, or somesuch. Without more information, we just don't know. I'm sorry to pick nits, but I have to stand by my statement. No matter how atrociously bad other systems may be, I don't see any basis for saying that Skype is any better. It might be better, or it might be just as bad. We don't know. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo () metzdowd com ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Simson Garfinkel analyses Skype - Open Society Institute David Farber (Jan 28)