Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Security and Privacy Concerns

Posted by Zonk on from the conversations-can-hurt dept.

CDMA_Demo writes "Scott Granneman at Security Focus is discussing the security and privacy issues thanks to eBay's acquisition of Skype. Says the help section on Skypke's website: 'Skype uses AES (Advanced Encryption Standard), also known as Rijndael, which is used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.' Scott Granneman debates that since Skype is owned by eBay and is closed source, we have no way of verifying this claim. Further, from the article: 'At the CyberCrime 2003 conference, Joseph E. Sullivan, Director of Compliance and Law Enforcement Relations for eBay, had this to say to a group of law enforcement officials: 'I know from investigating eBay fraud cases that eBay has probably the most generous policy of any internet company when it comes to sharing information.' This raises interesting questions about how Skype and eBay together will try to avert cyber criminals from using security flaws in either system to their advantage.'"

7 of 128 comments (clear)

  1. 1.1 x 1077 keys? by TrevorB · · Score: 4, Funny

    All that new CSS and no superscripts?

  2. 1.1 x 1077 possible keys by Anm · · Score: 2, Funny

    I think I can manage to brute force 1185 keys by hand, let alone with a computer. (Guess the tag didn't copy into the text input very well.)

    Anm

    1. Re:1.1 x 1077 possible keys by big.iron.wiz · · Score: 1, Funny

      With all those keys in your hand, would'nt there be a problem typing the code needed to crack the safe?

      --
      I am portuguese. If you think my written english is bad, try posting in portuguese!
    2. Re:1.1 x 1077 possible keys by mysqlrocks · · Score: 2, Funny

      How long would it take 50,000 monkeys at 50,000 typewriters to crack this?

      --
      Bradley Holt
  3. OK, that's it by ObjetDart · · Score: 4, Funny
    I'm switching back to my regular phone.

    Oh, wait...

    --
    I read Usenet for the articles.
  4. there is a more interesting question by toby · · Score: 3, Funny
    This raises interesting questions about how Skype and eBay together will try to avert cyber criminals from using security flaws in either system to their advantage.

    What about "how eBay will try to help over-enthusiastic law enforcement deprive users of privacy"?

    Nah. Could never happen in a "freedom" loving country!

    --
    you had me at #!
  5. Skypke's website by kherrick · · Score: 1, Funny

    I love Skypke. I wish everyone used Skypke.