VOIP Security

By Daniel Miessler on July 26th, 2005: Tagged as General

Looks like Phil Zimmerman (the creator of PGP) is tackling the lack of encryption in most VOIP implementations. I think this is a worthy cause, of course, but I can’t help but notice that Skype already has encryption built in to both calls and IM by default (256-bit AES/Rijndael, even).

Here’s what Skype has to say about the encryption used:

“Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.”

Skype rocks. If you’re not using it, go get yourself a copy.

Related Content

http://www.skryking.net/ Jason Ormes

I’ve been thinking about skypes security… is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype’s word for it?

Jason
http://www.skryking.net Jason Ormes

I’ve been thinking about skypes security… is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype’s word for it?

Jason
http://www.dmiessler.com Daniel

The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.
http://www.dmiessler.com/ Daniel

The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.
http://www.skryking.net/ Jason Ormes

are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you’ve seen something that points otherwise.

Jason
http://www.skryking.net Jason Ormes

are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you’ve seen something that points otherwise.

Jason
http://www.dmiessler.com/ Daniel

Yes, I’m quite sure it’s end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

(Check the post again)
http://www.dmiessler.com Daniel

Yes, I’m quite sure it’s end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

(Check the post again)
Pingback: SIPthat.com - Erik's daily musings on VoIP and IP Communications
http://pulse.yahoo.com/_KHHXAEEDVDRCJGAMR2WZAQNN3A Gomee Zheng

but our media usually gives so much attention to the athletes,

singers and actresses who deserve recognition, but it’s nice

to see a balance. Thank you

http://www.pumafootwearsale.com

Top

Popular

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous

A Coffee Primer

Arguments

Projects

Collections

Twitter

Motivational Speaking in a World Without Free Will | http://t.co/fqAcoQdu #philosophy
SSD back in MBP. Happy again. RPMs only belong in cars.
Reminder: If you don't know SQL Injection it's because you don't know SQL. Once you understand the technology the security is obvious.
@simonsarris Can't tell if you're agreeing with me or not.
Is Trojan really a good name for a condom company? The original was let in trustingly, released its dangerous payload, and chaos ensued.

What I'm Reading

Favorite Books and Essays

Top Blog Categories

Inputs