AOH :: ISNQ6487.HTM

Reverse engineer extracts Skype crypto secret recipe




Reverse engineer extracts Skype crypto secret recipe
Reverse engineer extracts Skype crypto secret recipe



http://www.theregister.co.uk/2010/07/09/skype_crypto/ 

By John Leyden 
The Register
9th July 2010 

Cryptoanalysts have published what they claim is the secret recipe 
behind a Skype encryption algorithm.

A group of code breakers led by Sean O'Neil reckon they have 
successfully reverse engineered Skype's implementation of the RC4 
cipher, one of several encryption technologies used by the 
consumer-oriented VoIP service. The proprietary encryption technology is 
used by the VoIP service to protect communications exchanged between its 
its clients and severs. It also restricts what clients can access the 
service, a restriction Skype had plans to ease with the upcoming 
publication of an API.

Even if independent research proves that the proprietary RC4 algorithm 
has been exposed it doesn't follow that Skype is open to eavesdroppers, 
not least because the service uses a variety of encryption techniques.

O'Neil justified the publication of an open source emulation of the 
algorithm by arguing that Skype's technology is already under 
exploitation by instant message spammers, so his work only levels the 
playing field for security researchers. He criticised Skype for 
practising "security by obscurity" in keeping its algorithm secret for 
so long. O'Neil reportedly plans to explain his research in greater 
depth at a presentation before the Chaos Communication Congress (27C3) 
in Berlin in December.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods