By John Leyden
9th July 2010
Cryptanalysts have published what they claim is the secret recipe
behind a Skype encryption algorithm.
A group of code breakers led by Sean O'Neil reckon they have
successfully reverse engineered Skype's implementation of the RC4
cipher, one of several encryption technologies used by the
consumer-oriented VoIP service. The proprietary encryption technology is
used by the VoIP service to protect communications exchanged between its
clients and servers. It also restricts which clients can access the
service, a restriction Skype had plans to ease with the upcoming
publication of an API.
Even if independent research proves that the proprietary RC4 algorithm
has been exposed, it doesn't follow that Skype is open to eavesdroppers,
not least because the service uses a variety of encryption techniques.
O'Neil justified the publication of an open source emulation of the
algorithm by arguing that Skype's technology is already under
exploitation by instant message spammers, so his work only levels the
playing field for security researchers. He criticised Skype for
practising "security by obscurity" in keeping its algorithm secret for
so long. O'Neil reportedly plans to explain his research in greater
depth at a presentation before the Chaos Communication Congress (27C3)
in Berlin in December.