<<< Date Index >>>     <<< Thread Index >>>

[IP] I more on Simson Garfinkel analyses Skype - Open Society Institute



------ Forwarded Message
From: Brad Templeton <btm@xxxxxxxxxxxxxx>
Organization: http://www.templetons.com/brad
Date: Fri, 28 Jan 2005 17:22:29 -0800
To: David Farber <dave@xxxxxxxxxx>
Cc: <daw@xxxxxxxxxxxxxxx>, <adam@xxxxxxxxxxxx>, <simsong@xxxxxxxxxxxxx>
Subject: Re: [IP] Simson Garfinkel analyses Skype - Open Society Institute

> I'm sorry to pick nits, but I have to stand by my statement.  No matter
> how atrociously bad other systems may be, I don't see any basis for saying
> that Skype is any better.  It might be better, or it might be just as bad.
> We don't know.

While I fully agree that one can have much more confidence in a
security system which can be independently analysed and verified
as secure, it is exactly the attitude above, common in the security
community,  which I believe has stopped us from deploying security.

"Some" security, even things like DES (which our own foundation proved
can be crackable), poorly chosen keys, algorithms with flaws, protocols
that are vulnerable to men in the middle, and proprietary encryption
systems -- all of these are often declared to be "no better" than having
no encryption at all.

And so, people, buying that argument, often give us no encryption at
all, because encryption is hard to do well, and if people keep telling
you that you have to do it perfectly or you might as well not bother --
then people don't bother.

The truth is, most people's threat models are not the same as a security
consultants.   They accept that if the NSA wants to man-in-the-middle
them, the NSA is going to succeed.

Skype has resisted basic efforts by skilled reverse engineers to
look at its protocols.  That doesn't mean they are secure, but it
does mean they are secure from basic efforts.  If I wanted to listen
in your your skype call and had a tap on your ethernet, I would at
least have to put a lot of work into it, and possibly could not do it
at all.    That is a _lot_ more than what is true with in-the-clear SIP,
where I could slap a packet sniffer on your net and hear your call fairly
trivially, and with certainty that I would succeed.

This is, in fact, a huge difference.   Encryption is really about how
hard you make it for the attacker.  Because above a certain level
of hardness there are a lot of easier ways into your network and
computer. 

So yes, let's decry that we can't verify Skype's encryption and must
take their word that it is resistent to attack.  But let's not promote
this attitude that it is no better than nothing.

------ End of Forwarded Message


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/