Interesting People mailing list archives
I more on Simson Garfinkel analyses Skype - Open Society Institute
From: David Farber <dave () farber net>
Date: Fri, 28 Jan 2005 20:53:28 -0500
------ Forwarded Message From: Brad Templeton <btm () templetons com> Organization: http://www.templetons.com/brad Date: Fri, 28 Jan 2005 17:22:29 -0800 To: David Farber <dave () farber net> Cc: <daw () cs berkeley edu>, <adam () shostack com>, <simsong () csail mit edu> Subject: Re: [IP] Simson Garfinkel analyses Skype - Open Society Institute
I'm sorry to pick nits, but I have to stand by my statement. No matter how atrociously bad other systems may be, I don't see any basis for saying that Skype is any better. It might be better, or it might be just as bad. We don't know.
While I fully agree that one can have much more confidence in a security system which can be independently analysed and verified as secure, it is exactly the attitude above, common in the security community, which I believe has stopped us from deploying security. "Some" security, even things like DES (which our own foundation proved can be crackable), poorly chosen keys, algorithms with flaws, protocols that are vulnerable to men in the middle, and proprietary encryption systems -- all of these are often declared to be "no better" than having no encryption at all. And so, people, buying that argument, often give us no encryption at all, because encryption is hard to do well, and if people keep telling you that you have to do it perfectly or you might as well not bother -- then people don't bother. The truth is, most people's threat models are not the same as a security consultants. They accept that if the NSA wants to man-in-the-middle them, the NSA is going to succeed. Skype has resisted basic efforts by skilled reverse engineers to look at its protocols. That doesn't mean they are secure, but it does mean they are secure from basic efforts. If I wanted to listen in your your skype call and had a tap on your ethernet, I would at least have to put a lot of work into it, and possibly could not do it at all. That is a _lot_ more than what is true with in-the-clear SIP, where I could slap a packet sniffer on your net and hear your call fairly trivially, and with certainty that I would succeed. This is, in fact, a huge difference. Encryption is really about how hard you make it for the attacker. Because above a certain level of hardness there are a lot of easier ways into your network and computer. So yes, let's decry that we can't verify Skype's encryption and must take their word that it is resistent to attack. But let's not promote this attitude that it is no better than nothing. ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- I more on Simson Garfinkel analyses Skype - Open Society Institute David Farber (Jan 28)