VOIP Security

By Daniel Miessler on July 26th, 2005: Tagged as General

Looks like Phil Zimmerman (the creator of PGP) is tackling the lack of encryption in most VOIP implementations. I think this is a worthy cause, of course, but I can’t help but notice that Skype already has encryption built in to both calls and IM by default (256-bit AES/Rijndael, even).

Here’s what Skype has to say about the encryption used:

“Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.”

Skype rocks. If you’re not using it, go get yourself a copy.

  • Digg
  • Reddit
  • HackerNews
  • StumbleUpon
  • DZone
  • Google Bookmarks
  • Twitter
  • Facebook
  • del.icio.us
  • FriendFeed
  • Posterous
  • RSS
  • email
  

Comments

  • I've been thinking about skypes security... is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype's word for it?

    Jason
  • The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.
  • are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you've seen something that points otherwise.

    Jason
  • Yes, I'm quite sure it's end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

    (Check the post again)
blog comments powered by Disqus

Twitter Microblog

twitter_icon      facebook_icon

Sample Original Content


Information Security

Tutorials and Primers

Culture & Society

Technology & Science

Politics

Philosophy & Religion

Miscellaneous

Tools & Projects


Blog Archives