Friday, July 25, 2008

Backdoor in Skype?

We need an open-source replacement

It has long been speculated that there might be a backdoor built into Skype, something that would allow Skype (the company) or the police to easily monitor Skype conversations. Skype is closed software and can therefore not be examined on the source level. In fact, the Skype executable code has been deliberately obfuscated to resist any attempt of analysis.

Skype claims that it uses strong encryption and that therefore your conversations are secure. But new indications have now emerged that it might not be quite as secure as they would like us to believe. According to this article here, police in Austria recently claimed that listening to Skype conversations is not a problem for them anymore. And Skype refused to comment on this or deny it.

Skype supposedly uses the AES encryption algorithm, which is open, has been thoroughly analysed and is generally found to be very secure. However, claiming to use an algorithm is different from actually implementing it. And besides, during setup of the conversation there is a key exchange phase, which is handled by an entirely different proprietary algorithm, which has not enjoyed the scrutinty of security experts.

Please refer here to read full details.

No comments: