Forgot your password?
typodupeerror
Encryption Communications Open Source Software IT

Skype Encryption (Partly) Revealed 151

Posted by timothy
from the skyping-ahead dept.
TSHTF writes "Just weeks after Skype unveiled a public API for the service, a group of cryptographers led by Sean O'Neill have successfully reverse engineered the encryption used by the Skype protocol. Source code is available under a non-commercial license which details Skype's implementation of the RC4 cipher." The linked article cautions, however, that "initial analysis suggests that O'Neill's publication does not mean that Skype's encryption can be considered 'cracked'. Further study will be needed to determine whether key expansion and initialisation vector generation are secure."
This discussion has been archived. No new comments can be posted.

Skype Encryption (Partly) Revealed

Comments Filter:
  • We're on the way to getting 3rd party Skype applications. Neat.
    • by aliquis (678370) <dospam@gmail.com> on Thursday July 08, 2010 @05:03PM (#32845156) Homepage

      You know what would be neater? Something not based on a proprietary system, and there are plenty. (Though it could be argued whatever things like SIP is as good.)

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        SIP isn't that great though because there is no encryption. Sure, there is "encryption" like SRTP for SIP but nobody uses it and practically none of the SIP providers support it (quite possibly none support it; I haven't found one at least).

        Plus there is the whole momentum thing, lots of people use Skype because it's dead easy to install and it generally "just works." However, the Skype client sucks donkey balls. It's buggy and difficult to use in a non-GUI environment.

        With that said, I still use VOIP/SI

      • by Anonymous Coward on Thursday July 08, 2010 @06:15PM (#32845816)

        ...for *video* calls. I use Linux, my daughter uses Apple and my son uses Windows. Skype allows high quality video chat, telephone interconnect/transfer and IP voice calls on all three platforms.

        They may be proprietary and bandwith hogs, but the Skype folks certainly offer a free product with great user appeal. Maybe that's why it's so popular?

        • by jrumney (197329) on Thursday July 08, 2010 @08:14PM (#32846712) Homepage
          SIP based videophone clients are available for all those platforms. They may not be the same client, but because SIP is an open standard they don't have to be to interoperate. Also H.323 clients should be available for all platforms, one even comes with Windows by default (netmeeting) though it doesn't get an icon in the start menu these days.
          • by FriendlyLurker (50431) on Friday July 09, 2010 @03:58AM (#32848580)

            I kinda get annoyed when people say "Use SIP" to the "I want to replace Skype with open source/non proprietary" question. Ok so SIP exists and clients are out there, I have even tried a few out with tech orientated friends. Now show me where all my __non tech friends__ can download AND install a sleek simple easy to use SIP client in around three clicks, and be chatting a minute later with no configuration? (the minimum bar that Skype has set). AFAIK such a SIP client does not yet exist - the SIP community has failed to cater even remotely to the only crowd that will actually make SIP relevant on the desktop (and so by extension, other areas).

            Key in Open Source S... and google will show you just how popular it is to search for Skype alternatives - the demand is there. Clicking through the search [google.com] shows just how sorry the state of SIP actually is. Top listed "Top ten" lists from 2007, half baked solutions. Hardly comparable to Skype's prominent big download button, about three click install and your talking (over an encrypted link, no less).

            I so wish I was wrong about this and there did exist a SIP client where I could email to my non-techy friends and have them chatting in minutes. Maybe one day hopefully, when someone (anyone, please!) in the SIP community get their act together. I'd love nothing more than if someone replied to prove I am wrong here...

            • and be chatting a minute later with no configuration? (the minimum bar that Skype has set)

              The problem here is that anything non-proprietary will always require some configuration purely because it won't be locked to a specific service provider.... which is the whole point of having non-proprietary stuff. But frankly, setting up a SIP client is as trivial as setting up your email client, or your XMPP client - you fill in the server that your account is on, your user name and password and it works.

              What you're asking for is equivalent to "show me where I can buy an unlocked cellphone that isn't ti

              • by micheas (231635)

                Most people (numerically) pay someone else to set up their email client.

                $50 is the going rate in the USA to set up google for domains, and most third graders should be able to do that in an afternoon.

                These same people can use skype.

                The relatively user friendly skype IDs also help. As soon as someone sees a SIP ID they want to leave, unless you have a wrapper so they never see it.

                I think you under estimate the level of polish that skype has.

                Most SIP solutions are more or less raw in places that are visible t

            • by wrook (134116) on Friday July 09, 2010 @08:24AM (#32849818) Homepage

              Writing a good, easy to use, high quality SIP client is quite easy these days. Half decent free SIP and RTP libraries exist. Decent free codecs exist. You basically just have to write UI (and not even a complicated UI at that).

              The problem is NAT. To make it work 100% of the time you must always have one leg (or an intermediary carrying the traffic) that isn't behind NAT. If you are behind NAT, Skype routes your call through someone who isn't. In other words, you will be using somebody else's bandwidth for your call. And that someone probably doesn't know you are doing it. Up until this point, there has been no free software author willing to do what Skype has done. Basically, because it is unethical in many people's minds. And free software authors tend to work based on ethics.

              With current routers and UPnP, a lot of the problems can be avoided, but you are still going to run into some situations which you can't really solve point to point. It has occurred to me to have a voluntary bandwidth usage. This should work reasonably well if the software were popular enough and you could limit the amount of bandwidth used.

              I have the skills to write such a thing, but alas I'm busy with other things at the moment. Maybe later...

              • Actually, this is not much of a problem anymore. All of the SIP providers I've encountered provide a STUN server that you can use for NAT traversal. You still need to provide the STUN server address when configuring the client, but that's pretty trivial. XMPP also uses STUN for NAT traversal with Jingle, but provides the address of the STUN server via the Jingle handshake (eJabberd has included a built-in STUN server since 2.1.0).

                • by wrook (134116)

                  Unfortunately STUN doesn't work in every case. The problem is that for many firewalls, sending an ICMP packet binds the port. This is apparently against the spec (I haven't checked), but many, many routers do this. Even Linux did it at one point (and may still do for all I know).

                  The issue comes because SIP has to choose the port it will use for audio before it sends audio. It sends the port number to the other side. But in most firewalls the port doesn't open (and isn't even really bound) until a packe

              • If you are behind NAT, Skype routes your call through someone who isn't. In other words, you will be using somebody else's bandwidth for your call. And that someone probably doesn't know you are doing it. Up until this point, there has been no free software author willing to do what Skype has done. Basically, because it is unethical in many people's minds. And free software authors tend to work based on ethics.

                Er, which part of that is unethical? Using other people's bandwidth is how peer-to-peer systems work, and there's no shortage of free software P2P: BitTorrent, Freenet, etc.

                • by wrook (134116)

                  The issue is that they don't know they are providing bandwidth for somebody else's call. It's in the fine print, but your average Joe doesn't read/understand it. It remains to be seen how many people would voluntarily give up their bandwidth for a stranger's telephone call. My current idea is to build up a kind of dark net where you can choose who to provide bandwidth too (friends, friends of friends, anybody).

                  • by Mr2001 (90979)

                    The issue is that they don't know they are providing bandwidth for somebody else's call. It's in the fine print, but your average Joe doesn't read/understand it.

                    I wonder how many of them understand they're providing bandwidth for someone else's download when they use BitTorrent.

          • by jez9999 (618189)

            one even comes with Windows by default (netmeeting) though it doesn't get an icon in the start menu these days.

            And it doesn't start on Windows 7, it crashes.

        • by houghi (78078)

          For me that is a reason NOT to use it. You do not want to chat with me and see how I sit behind my computer.

        • Yes, *and* the fact that changing the whole world to use a different 'standard' than Skype is somewhat tricky. If you want to talk to other people you can't always make them use the software you demand.

      • Plenty?

        Okay, here's my "benchmark" for a Skype replacement:
        Must be easy to use: My parents both managed to download, install and create new users in the first attempt - without having to read anything other than the on screen instructions.
        Must be translated properly: My parents don't speak nor read English at all. They're Danish, and in case you're wondering, that's a language spoken by fewer people than live in New York City.
        Must work without fail: Again, should be something mom and dad can get up and runn

      • What is even neater than a 3rd party Skype software would be some one assembling :

        - a 3rd party Skype implementation
        - using already available RTP, SIP, ZRTP to make a SIP implementation, throwing STUN *and* TURN into the mix (like libNICE) together with a list of known servers for 100% automatic NAT traversal
        - maybe throw another couple of open implementations (like Google LibJingle for XMPP).
        - and find a way to put a nice "find friend" function in there (so people won't have trouble finding who among their

    • A different Skype implementation would still have to implement this encryption algorithm that is suspected to be weak, in order to be compatible.

      A better idea would be to make a new program with encryption that is actually secure.

  • Skype still sucks (Score:5, Interesting)

    by Anonymous Coward on Thursday July 08, 2010 @04:52PM (#32845026)
    It is proprietary, centralized, bloatwared, closed, and bandwidth intensive. Simply fixing one of this is not an improvement on the situation.

    Unless you happen to be one of the unfortunate souls whose boss requires all communication to be on skype, then maybe a non-crashy linux client will be your savior.
    • Name a decent alternative? I like it for what it CAN do.
      • Re: (Score:3, Interesting)

        by Jorl17 (1716772)
        Usually I used skype to voice-chat. Then I realized that mumble was good outside gaming. Now I use mumble to do everything and have my own little chat app to communicate via text. Skype is dead for me. Mumble is bandwidth-saving in some cases and the quality is so vastly superior. The disadvantange is that of a centralized server, but I manage that just fine by using an available server OR running my local one. Sure, for conferences it might be worse in terms of bandwidth (all data going to the server = me)
      • Re:Skype still sucks (Score:4, Interesting)

        by commodore64_love (1445365) on Thursday July 08, 2010 @05:08PM (#32845198) Journal

        >>>Name a decent alternative?

        I use a calling card which is only 5 cents per minute and will work regardless where I'm at (home, hotel, payphone along the highway). I've looked at Skype and think it's a cool idea, but don't see that it would save me money, or be as convenient.

        • Re: (Score:2, Informative)

          by fuzznutz (789413)
          Pay-phone? Where do you find pay-phones these days? My daughter's brand new high school has no pay-phone anywhere on the premises. In fact, I can't remember the last pay-phone I saw. I work at a University, and there are no pay-phones in any building on campus.
          • Turnpike rest stop.
            Gas station.
            McDonalds.

            Or if they don't have one, I use my cellphone but it costs 20 cents a minute so I generally try to use my 5 cent calling card instead. Anyway still don't see the reason to switch to Skype net calling
            .

        • >>>Name a decent alternative?

          I use a calling card which is only 5 cents per minute and will work regardless where I'm at (home, hotel, payphone along the highway). I've looked at Skype and think it's a cool idea, but don't see that it would save me money, or be as convenient.

          Skype to Skype calls are free, and Skype calls to the United States cost something like $9 for unlimited minutes over 3 months. Skype calls to phones in Europe are around 1-2 cents per minute.

          • Yeah well, not completely free. If I trashed the calling card and used my PC to call home to mom or long-distance friends, it would still cost 2.4 cents (they have landline phones). I would save some money but only about $10 a month, and I'd lose the convenience of the calling card which works even when I'm not in front of my computer.

          • Skype charges 1.4p (including VAT) to call a UK landline, my SIP provider (sipgate) charges 1.19p/minute. Because SIP is an open standard, I can use the SIP client built into my mobile phone (Nokia N80 - cheapest phone I could find that supported WiFi) or run one on my computer, irrespective of the OS it is running. The one on my phone integrates with the built-in address book, so I can call over SIP/WiFi when I am in range of an access point or via the mobile network when I am not, via exactly the same i

      • by Sir_Lewk (967686)

        And millions of people got along just fine with Windows ME.

        Just because it works for you, and you like it, doesn't mean that it is good.

      • Re:Skype still sucks (Score:5, Informative)

        by caseih (160668) on Thursday July 08, 2010 @05:49PM (#32845572)

        For me Gizmo5 and sipgate.com provide all the VoIP services I used to use skype for. In fact when I combine Google Voice with either Gizmo5 or sipgate.com, and a Linksys 3102 SPA box, I can not only replace skype, but replace my land line as well. I also do most voice communication at home, so I ditched my cell plan and got a T-mobile prepaid plan. Now if I receive a call via GV on my cell phone, the moment I walk in the door I can transfer it to VoIP.

        If I had an asterisk box set up, I could probably do GV-connected outbound calling automagically from my land phone. At the moment I place most calls via the web interface.

        I know Skype can do IM and video chat, but frankly I never needed that. so yes, SIP is a good alternative. And ekiga can do both SIP and video chatting using open protocols. Works quite great, despite SIP's retardedness.

      • by xiando (770382)

        Name a decent alternative?

        There is a standard called SIP [wikipedia.org] for Internet voicecalls and a vast number of softphone programs, and hardphones, which support it. Call me using Twinkle, Linphone, Ekiga or whatever softphone you want, they all support SIP like my wireless Siemens SIP phone and they all make my phone ring when you dial it.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      It is proprietary, centralized, bloatwared, closed, and bandwidth intensive. Simply fixing one of this is not an improvement on the situation.

      I like FOSS as much as the next guy but making things open source does not magically eliminates any of these problems. I've seen plenty of FOSS code that suffers from being centralized, bloatwared and bandwidth intensive plus being insecure, badly designed, counterintuitive to use, .... , the list goes on. Bad coders are bad coders no matter where they work.

      ...then maybe a non-crashy linux client will be your savior.

      Halleluja!!!

    • Re: (Score:3, Informative)

      by westlake (615356)

      It is proprietary, centralized, bloatwared, closed, and bandwidth intensive.
      maybe a non-crashy linux client will be your savior.

      There are about 500 million Skype accounts.

      40 million or so people using the service on any given day. Skype [wikipedia.org]

      You don't "dial out" to stress-test the technology - you dial out in the hope that someone will be there to answer your call.

    • by johanw (1001493)
      But is has one main advantage over all other clients: decent encryption. When governments start complaining they can't decrypt the calls, like the Indian did, you know you're on the right track.
      • But is has one main advantage over all other clients: decent encryption. When governments start complaining they can't decrypt the calls, like the Indian did, you know you're on the right track.

        Didn't the Chinese government end up arresting rather a lot of people based on the contents of supposedly encrypted instant messages that had been supplied to them by Skype?

    • by arivanov (12034)

      Add to that - its "state of the art cryptography" is highly questionable. RC4 is a prehistoric algo.

      While it is not a bad algo per-se it is extremely easy to f*** up at the implementation level. WiFi is one example of such royal cockup. There are others.

      I would not trust a proprietary system that has not been open to scrutiny to implement RC4 based crypto correctly.

  • C&D (Score:3, Insightful)

    by pak9rabid (1011935) on Thursday July 08, 2010 @04:53PM (#32845030)
    Queue the cease and desist in 3...2...1...
    • by Imagix (695350)
      Egad.... yet another person who doesn't know the difference between a line-up and a signal. _Cue_ the C&D in 3... 2... 1...
    • by omnichad (1198475)

      If you're going to queue them, go in order: 1. There's only one cease and desist coming, right? If you're counting down, you're probably cueing.

  • by Anonymous Coward
    This just goes to show the US Govt. already likely has these streams pwnd.
  • Well (Score:2, Interesting)

    by Irick (1842362)
    Hopefully this means we will see some more 3rd party clients, and maybe some Jabber integration.
  • Interesting that they use multiple encryption algorithyms for their communication. simple yet apparently effective.
    • by Sir_Lewk (967686)

      As I'm reading TFA, it seems to me it's just a modified version of RC4. Hardly terribly interesting or new.

    • but nothing beats my 10xROT13 cipher! It's encrypted 10 times!. 10 times I tell ya! Try and beat that Citizen Protector....or whatever the NSA is calling it these days...

      • by Fumbili (1820232)

        but nothing beats my 10xROT13 cipher! It's encrypted 10 times!. 10 times I tell ya! Try and beat that Citizen Protector....or whatever the NSA is calling it these days...

        Mine goes to 11

      • by cynyr (703126)
        hey, i think i'll have to move up to that from my usual quadROT13 cipher...
      • but nothing beats my 10xROT13 cipher!

        Except my 11xROT13 cipher.

        It's, like, one louder.

  • by Wesley Felter (138342) <wesley@felter.org> on Thursday July 08, 2010 @05:03PM (#32845146) Homepage

    On the Wikipedia page http://en.wikipedia.org/wiki/Skype_protocol [wikipedia.org] I see presentations from 2004 and 2006 about reversing Skype, including its encryption. What's new here compared to the previous work?

    • On the Wikipedia page http://en.wikipedia.org/wiki/Skype_protocol [wikipedia.org] I see presentations from 2004 and 2006 about reversing Skype, including its encryption. What's new here compared to the previous work?

      Nothing. The references in your links were for academic and industry consumption. The Register article was for public consumption.

      That's about the only thing I can figure.

      • by blair1q (305137)

        You mean this time someone's making money on every click, and is probably crapping their piggy-bank upon getting the article submitted to slashdot...

    • Re: (Score:2, Funny)

      What's new here compared to the previous work?

      The date.

  • implications? (Score:4, Insightful)

    by Eil (82413) on Thursday July 08, 2010 @05:32PM (#32845430) Homepage Journal

    None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known. This is why you can have software like GPG and the zillion open source AES implementations and still use them to reliably protect data from interception.

    What would weaken Skype's security was if someone found a shortcut (by way of a bug or design flaw) to decrypting the data without knowledge of the keys being used. According to TFA, this is what the O'Neill is working on now.

    That said, the source material that O'Neill provided mentions only symmetric ciphers, which means that the keys might be buried in the Skype binaries somewhere. If that's the case, then finding those would break Skype's encryption wide open. But I rather doubt that will happen. We're only seeing part of the story here and I'd bet dollars to donuts that they're using one or more asymmetric ciphers somewhere to transmit keys for the symmetric ciphers.

    • Re:implications? (Score:5, Informative)

      by 0123456 (636235) on Thursday July 08, 2010 @05:56PM (#32845656)

      None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known

      ROT13 isn't secure when it's known.

      Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.

      • Re: (Score:3, Informative)

        by swillden (191260)

        None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known

        ROT13 isn't secure when it's known.

        ROT13 isn't encryption. It's a trivial unkeyed encoding.

        Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.

        RC4 is also a widely-known and deeply-studied cipher. It has some known weaknesses, but workarounds for those weaknesses are also known. It's also very efficient and a stream cipher is the right kind of cipher for this application. I agree that there are better alternatives, but unless they mucked up the implementation, there's every reason to believe that Skype's encryption is secure.

        • by nullchar (446050)

          unless they mucked up the implementation, there's every reason to believe that Skype's encryption is secure.

          Perhaps secure from a random researcher, but not secure from a dissident's point of view. If the encryption is not end-to-end (with client-managed PKs), then it is useless, even if it's strong and secure.

          The problem is, no one knows if the link is only encrypted between the clients and the server, or only encrypted between the clients. We also don't know if each client maintains its own private asym

          • Re: (Score:3, Insightful)

            by swillden (191260)

            Yes, achieving end-to-end secrecy requires much more than just using a secure encryption algorithm correctly. I was only addressing the cipher.

      • by BitZtream (692029)

        ROT13 is an acceptable form of encryption even when everyone knows what it is, assuming that the third party that isn't supposed to see it can't see it before its useless.

        No encryption is perfect. All are 'breakable' in the loosest sense of the word. The question is can you decrypt the data before it is of no value to decrypt it.

        Considering 99.9999999999999999999999999% of the traffic sent using the Skype protocol has no value to anyone other than the parties involved anyway than the strength of the encry

    • Cryptome hosts this 2007 document:

      http://cryptome.org/isp-spy/skype-spy.pdf [cryptome.org]

      * Skype can provide records showing account creation, financial transaction and use of PSTN interconnections
      * Due to the way by which Skype works, Skype does NOT have any records of user “logins”, “log offs” or other general online/offline status
      * The Skype system is designed in such a way that voicemail is not centrally stored
      * Calls, IMs and other activities between Skype users do not create billing records

      E

    • Re: (Score:2, Interesting)

      by Caledfwlch (1434813)
      There is a positive implication.... it may count partly towards the transparency that the Indian security agencies want ;-)
    • Re: (Score:3, Informative)

      by Sloppy (14984)

      None of this harms Skype's existing security in any way

      That depends on what you mean by "security." If "security" means having a monopoly on sales of an implementation of a popular protocol... ;-)

      We're only seeing part of the story here and I'd bet dollars to donuts that they're using one or more asymmetric ciphers somewhere to transmit keys for the symmetric ciphers.

      The big question about Skype has always been: how are the using the asymmetic stuff? How does each client know whose public key it's using?

    • Re: (Score:3, Insightful)

      by Wesley Felter (138342)

      It's not about security; revealing the protocol hurts Skype's lock-in. For example, the Skype-Asterisk gateway is $66 per channel; imagine if someone created an open source version.

  • by bk2204 (310841) <sandals@crustytoothpaste.net> on Thursday July 08, 2010 @06:09PM (#32845766) Homepage

    The actual RC4 cipher has bad key scheduling issues. Because the initialization step doesn't mix the key bytes well enough into the S-box, the first bytes of the keystream (which is XOR'd with the plaintext to produce the ciphertext) leak lots of data about the key. This is a major problem with WEP (there are, of course, others). Cryptographers recommend discarding the beginning of the keystream because of this weakness. Nevertheless, RC4 is popular because it is byte-oriented and fast. Even 8-bit machines can implement it trivially.

    Ultimately, it comes down to the key scheduling. If Skype has a better key-scheduling algorithm, it may actually improve security over standard RC4.

  • Does this mean we can finally have Skype protocol built into Pidgin? I would love to stop using Skype's crapware.

  • Then that would have to be one crappy encryption algorithm.

  • The VoIP world is going the way of open standards with SIP [wikipedia.org] - if Skype don't adapt to embrace SIP, they'll just edge themselves out of the marketplace.

    The biggest VoIP business provider Avaya [wikipedia.org] has been moving to SIP for years and, interestingly though maybe not relevant, are owned mostly by the Silver Lake investors, who also own most of Skype.

    • by Ash-Fox (726320)

      Skype does use SIP for termination with certain telecommunications providers.

      • Yes, but that's the point... a true SIP endpoint should work with any provider.

        • by Ash-Fox (726320)

          Yes, but that's the point... a true SIP endpoint should work with any provider.

          But most major telecommunications providers don't have SIP points for just anyone. They're locked down just for terminating between each other, just like Skype's.

          • Quite possibly, but it's a business decision to lock them down. SIP is an open protocol, Skype's protocol is (at least partly) proprietary.

            • by Ash-Fox (726320)

              SIP is an open protocol, Skype's protocol is (at least partly) proprietary.

              Yes, but the Skype protocol is not used for terminating a call between providers, SIP is used for such termination - I don't get the argument.

              The Skype protocol it self is used on the user end and has many benefits such as being capable of working around networking issues with a combination of methods such as creating 'false' open/active sessions (hole punching) in TCP and UDP to open a socket for users who for example, can't open in

              • Maybe I'm not quite getting what you're saying but that's not what I understand SIP to be.

                As far as the VoIP endpoints are concerned, all they care about is that they can comunicate the same protocol for their inter-communications - i.e. the same codecs for voice or video calls, same protocol for IM, etc. Whether those protocols do or don't work through NAT without specific ports open is irrelevant to SIP.

                The purpose of SIP is to provide the "data signalling" portion of the connection - i.e. to communicate

                • by Ash-Fox (726320)

                  You cannot use the Skype client as a SIP softphone without going via Skype themselves

                  No, but you could use Skype's Skype for SIP [skype.com] to do it, one of the SIP Skype gateway software combos [voip-info.org] out there or even a SIP service provider that I am too lazy to Google right now.

                  Being that Skype is providing this functionality directly, I honestly don't see the issue.

Parkinson's Law: Work expands to fill the time alloted it.

Working...