[IP] more on skype
Begin forwarded message:
From: Stephan Somogyi <ip045@xxxxxxxxxxxxxxxx>
Date: August 12, 2005 4:27:19 PM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] skype
What reason do we have to trust Skype's end-to-end encryption today?
Skype hasn't shown any inclination to describe either its protocol or
crypto implementation, much less release source code. Simson
Garfinkel's paper showed that Skype traffic is obscured, but his
findings give us no way to objectively assess actual security
provided. For all we know, Skype's use of crypto is as secure as ROT13.
It bothers me how readily we forget WEP: An IEEE standards committee
concocted a system -- using fully buzzword-compliant crypto -- that
resulted in a standard that proved ineffective even against
lackadaisical attack.
If Skype cared about proving to its customers that its system was
secure, it would already have done so. Instead, it continues to
practice security through obscurity.
A false sense of security is worse than knowingly not having any.
Just because Skype says it offers encryption doesn't mean it provides
any real security at all.
s.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/