VOIP Security

By Daniel Miessler on July 26th, 2005: Tagged as General

Looks like Phil Zimmerman (the creator of PGP) is tackling the lack of encryption in most VOIP implementations. I think this is a worthy cause, of course, but I can’t help but notice that Skype already has encryption built in to both calls and IM by default (256-bit AES/Rijndael, even).

Here’s what Skype has to say about the encryption used:

“Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.”

Skype rocks. If you’re not using it, go get yourself a copy.

  • http://www.skryking.net/ Jason Ormes

    I’ve been thinking about skypes security… is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype’s word for it?

    Jason

  • http://www.skryking.net Jason Ormes

    I’ve been thinking about skypes security… is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype’s word for it?

    Jason

  • http://www.dmiessler.com Daniel

    The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.

  • http://www.dmiessler.com/ Daniel

    The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.

  • http://www.skryking.net/ Jason Ormes

    are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you’ve seen something that points otherwise.

    Jason

  • http://www.skryking.net Jason Ormes

    are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you’ve seen something that points otherwise.

    Jason

  • http://www.dmiessler.com/ Daniel

    Yes, I’m quite sure it’s end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

    (Check the post again)

  • http://www.dmiessler.com Daniel

    Yes, I’m quite sure it’s end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

    (Check the post again)

  • http://sipthat.com/archives/000352.html SIPthat.com – Erik’s daily musings on VoIP and IP Communications

    VoIP Security Interview with Rohan Mahy

    Open Standards VoIP Security – On the Fast Track I had the opportunity to speak with Rohan Mahy yesterday and we had some great conversation about existing and new VoIP Security specifications proposed by the IETF. We talked about TLS,…

blog comments powered by Disqus

Original Content


Trending

Popular

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous


Discovered Content

Top Blog Categories