Skype Encryption (Partly) Revealed 151
TSHTF writes "Just weeks after Skype unveiled a public API for the service, a group of cryptographers led by Sean O'Neill have successfully reverse engineered the encryption used by the Skype protocol. Source code is available under a non-commercial license which details Skype's implementation of the RC4 cipher." The linked article cautions, however, that "initial analysis suggests that O'Neill's publication does not mean that Skype's encryption can be considered 'cracked'. Further study will be needed to determine whether key expansion and initialisation vector generation are secure."
So, if I'm reading this right... (Score:1, Insightful)
Re:So, if I'm reading this right... (Score:5, Insightful)
You know what would be neater? Something not based on a proprietary system, and there are plenty. (Though it could be argued whatever things like SIP is as good.)
Re: (Score:1, Interesting)
SIP isn't that great though because there is no encryption. Sure, there is "encryption" like SRTP for SIP but nobody uses it and practically none of the SIP providers support it (quite possibly none support it; I haven't found one at least).
Plus there is the whole momentum thing, lots of people use Skype because it's dead easy to install and it generally "just works." However, the Skype client sucks donkey balls. It's buggy and difficult to use in a non-GUI environment.
With that said, I still use VOIP/SI
No other cross platform alternative... (Score:4, Insightful)
...for *video* calls. I use Linux, my daughter uses Apple and my son uses Windows. Skype allows high quality video chat, telephone interconnect/transfer and IP voice calls on all three platforms.
They may be proprietary and bandwith hogs, but the Skype folks certainly offer a free product with great user appeal. Maybe that's why it's so popular?
Re:No other cross platform alternative... (Score:4, Informative)
Re:No other cross platform alternative... (Score:5, Insightful)
I kinda get annoyed when people say "Use SIP" to the "I want to replace Skype with open source/non proprietary" question. Ok so SIP exists and clients are out there, I have even tried a few out with tech orientated friends. Now show me where all my __non tech friends__ can download AND install a sleek simple easy to use SIP client in around three clicks, and be chatting a minute later with no configuration? (the minimum bar that Skype has set). AFAIK such a SIP client does not yet exist - the SIP community has failed to cater even remotely to the only crowd that will actually make SIP relevant on the desktop (and so by extension, other areas).
Key in Open Source S... and google will show you just how popular it is to search for Skype alternatives - the demand is there. Clicking through the search [google.com] shows just how sorry the state of SIP actually is. Top listed "Top ten" lists from 2007, half baked solutions. Hardly comparable to Skype's prominent big download button, about three click install and your talking (over an encrypted link, no less).
I so wish I was wrong about this and there did exist a SIP client where I could email to my non-techy friends and have them chatting in minutes. Maybe one day hopefully, when someone (anyone, please!) in the SIP community get their act together. I'd love nothing more than if someone replied to prove I am wrong here...
Re: (Score:2)
and be chatting a minute later with no configuration? (the minimum bar that Skype has set)
The problem here is that anything non-proprietary will always require some configuration purely because it won't be locked to a specific service provider.... which is the whole point of having non-proprietary stuff. But frankly, setting up a SIP client is as trivial as setting up your email client, or your XMPP client - you fill in the server that your account is on, your user name and password and it works.
What you're asking for is equivalent to "show me where I can buy an unlocked cellphone that isn't ti
Re: (Score:2)
Most people (numerically) pay someone else to set up their email client.
$50 is the going rate in the USA to set up google for domains, and most third graders should be able to do that in an afternoon.
These same people can use skype.
The relatively user friendly skype IDs also help. As soon as someone sees a SIP ID they want to leave, unless you have a wrapper so they never see it.
I think you under estimate the level of polish that skype has.
Most SIP solutions are more or less raw in places that are visible t
Re:No other cross platform alternative... (Score:4, Interesting)
Writing a good, easy to use, high quality SIP client is quite easy these days. Half decent free SIP and RTP libraries exist. Decent free codecs exist. You basically just have to write UI (and not even a complicated UI at that).
The problem is NAT. To make it work 100% of the time you must always have one leg (or an intermediary carrying the traffic) that isn't behind NAT. If you are behind NAT, Skype routes your call through someone who isn't. In other words, you will be using somebody else's bandwidth for your call. And that someone probably doesn't know you are doing it. Up until this point, there has been no free software author willing to do what Skype has done. Basically, because it is unethical in many people's minds. And free software authors tend to work based on ethics.
With current routers and UPnP, a lot of the problems can be avoided, but you are still going to run into some situations which you can't really solve point to point. It has occurred to me to have a voluntary bandwidth usage. This should work reasonably well if the software were popular enough and you could limit the amount of bandwidth used.
I have the skills to write such a thing, but alas I'm busy with other things at the moment. Maybe later...
Re: (Score:2)
Actually, this is not much of a problem anymore. All of the SIP providers I've encountered provide a STUN server that you can use for NAT traversal. You still need to provide the STUN server address when configuring the client, but that's pretty trivial. XMPP also uses STUN for NAT traversal with Jingle, but provides the address of the STUN server via the Jingle handshake (eJabberd has included a built-in STUN server since 2.1.0).
Re: (Score:2)
Unfortunately STUN doesn't work in every case. The problem is that for many firewalls, sending an ICMP packet binds the port. This is apparently against the spec (I haven't checked), but many, many routers do this. Even Linux did it at one point (and may still do for all I know).
The issue comes because SIP has to choose the port it will use for audio before it sends audio. It sends the port number to the other side. But in most firewalls the port doesn't open (and isn't even really bound) until a packe
P2P is unethical? (Score:2)
If you are behind NAT, Skype routes your call through someone who isn't. In other words, you will be using somebody else's bandwidth for your call. And that someone probably doesn't know you are doing it. Up until this point, there has been no free software author willing to do what Skype has done. Basically, because it is unethical in many people's minds. And free software authors tend to work based on ethics.
Er, which part of that is unethical? Using other people's bandwidth is how peer-to-peer systems work, and there's no shortage of free software P2P: BitTorrent, Freenet, etc.
Re: (Score:2)
The issue is that they don't know they are providing bandwidth for somebody else's call. It's in the fine print, but your average Joe doesn't read/understand it. It remains to be seen how many people would voluntarily give up their bandwidth for a stranger's telephone call. My current idea is to build up a kind of dark net where you can choose who to provide bandwidth too (friends, friends of friends, anybody).
Re: (Score:2)
The issue is that they don't know they are providing bandwidth for somebody else's call. It's in the fine print, but your average Joe doesn't read/understand it.
I wonder how many of them understand they're providing bandwidth for someone else's download when they use BitTorrent.
Re: (Score:2)
Yes it does work in most cases. And in fact, every modern SIP client I know of works this way (there's even an RFC for it... I can't remember the name of it right now though). If you look a little higher in the conversation, you'll see the real problem, though -- Firewalls that bind the port when they return an ICMP packet. The problem is that even though you have requested a port, it isn't actually bound until you send a packet. If the firewall receive a packet before one is sent, the port isn't open y
Re: (Score:2)
one even comes with Windows by default (netmeeting) though it doesn't get an icon in the start menu these days.
And it doesn't start on Windows 7, it crashes.
Re: (Score:2)
Re: (Score:2)
Rule 34 says there is someone out there that wants exactly that. :p
Re: (Score:2)
Yes, *and* the fact that changing the whole world to use a different 'standard' than Skype is somewhat tricky. If you want to talk to other people you can't always make them use the software you demand.
Re: (Score:2)
I had that problem. Upgrading all clients to the most recent version fixed it.
Re: (Score:2)
The desires of society are often in conflict with the desires of its more influential members.
Re: (Score:3, Insightful)
Re: (Score:2)
Plenty?
Okay, here's my "benchmark" for a Skype replacement:
Must be easy to use: My parents both managed to download, install and create new users in the first attempt - without having to read anything other than the on screen instructions.
Must be translated properly: My parents don't speak nor read English at all. They're Danish, and in case you're wondering, that's a language spoken by fewer people than live in New York City.
Must work without fail: Again, should be something mom and dad can get up and runn
Re:So, if I'm reading this right... (Score:4, Informative)
http://ekiga.org/ [ekiga.org]
Re: (Score:2)
One example? I'll take your word on whether or not it's a proper replacement, but one does not a plenty make.
One only barely covers "some".
Re: (Score:2)
http://en.wikipedia.org/wiki/Comparison_of_VoIP_software#General_softphone_clients [wikipedia.org]
Re: (Score:2)
Or for a more exaustive list: http://lmgtfy.com/?q=sip+client+%2Bvideo+%2Bfile+transfer [lmgtfy.com]
I don't see how this is an issue though. You don't have any choice of Skype clients.
Ekiga is basically a drop-in replacement for Skype. You can also use any compatible software.
Even Neater (Score:2)
What is even neater than a 3rd party Skype software would be some one assembling :
- a 3rd party Skype implementation
- using already available RTP, SIP, ZRTP to make a SIP implementation, throwing STUN *and* TURN into the mix (like libNICE) together with a list of known servers for 100% automatic NAT traversal
- maybe throw another couple of open implementations (like Google LibJingle for XMPP).
- and find a way to put a nice "find friend" function in there (so people won't have trouble finding who among their
Re: (Score:2)
A different Skype implementation would still have to implement this encryption algorithm that is suspected to be weak, in order to be compatible.
A better idea would be to make a new program with encryption that is actually secure.
Skype still sucks (Score:5, Interesting)
Unless you happen to be one of the unfortunate souls whose boss requires all communication to be on skype, then maybe a non-crashy linux client will be your savior.
Re: (Score:2)
Re: (Score:3, Interesting)
Re:Skype still sucks (Score:4, Interesting)
>>>Name a decent alternative?
I use a calling card which is only 5 cents per minute and will work regardless where I'm at (home, hotel, payphone along the highway). I've looked at Skype and think it's a cool idea, but don't see that it would save me money, or be as convenient.
Re: (Score:2, Informative)
Re: (Score:2)
Turnpike rest stop.
Gas station.
McDonalds.
Or if they don't have one, I use my cellphone but it costs 20 cents a minute so I generally try to use my 5 cent calling card instead. Anyway still don't see the reason to switch to Skype net calling
.
Re: (Score:2)
>>>Name a decent alternative?
I use a calling card which is only 5 cents per minute and will work regardless where I'm at (home, hotel, payphone along the highway). I've looked at Skype and think it's a cool idea, but don't see that it would save me money, or be as convenient.
Skype to Skype calls are free, and Skype calls to the United States cost something like $9 for unlimited minutes over 3 months. Skype calls to phones in Europe are around 1-2 cents per minute.
Re: (Score:2)
Yeah well, not completely free. If I trashed the calling card and used my PC to call home to mom or long-distance friends, it would still cost 2.4 cents (they have landline phones). I would save some money but only about $10 a month, and I'd lose the convenience of the calling card which works even when I'm not in front of my computer.
Re: (Score:2)
Skype charges 1.4p (including VAT) to call a UK landline, my SIP provider (sipgate) charges 1.19p/minute. Because SIP is an open standard, I can use the SIP client built into my mobile phone (Nokia N80 - cheapest phone I could find that supported WiFi) or run one on my computer, irrespective of the OS it is running. The one on my phone integrates with the built-in address book, so I can call over SIP/WiFi when I am in range of an access point or via the mobile network when I am not, via exactly the same i
Re: (Score:2)
And millions of people got along just fine with Windows ME.
Just because it works for you, and you like it, doesn't mean that it is good.
Re: (Score:2)
Tell that to all the Apple fan-boys out there.
Re:Skype still sucks (Score:5, Informative)
For me Gizmo5 and sipgate.com provide all the VoIP services I used to use skype for. In fact when I combine Google Voice with either Gizmo5 or sipgate.com, and a Linksys 3102 SPA box, I can not only replace skype, but replace my land line as well. I also do most voice communication at home, so I ditched my cell plan and got a T-mobile prepaid plan. Now if I receive a call via GV on my cell phone, the moment I walk in the door I can transfer it to VoIP.
If I had an asterisk box set up, I could probably do GV-connected outbound calling automagically from my land phone. At the moment I place most calls via the web interface.
I know Skype can do IM and video chat, but frankly I never needed that. so yes, SIP is a good alternative. And ekiga can do both SIP and video chatting using open protocols. Works quite great, despite SIP's retardedness.
Re: (Score:2)
You can get those SPA's to work? Shit, you must be pro!
I've worked at a couple of organizations where they rolled out those SPA's on a relatively large scale, and we couldn't get them to be stable and consistent.
I wouldn't touch that shit for mission critical stuff.
Never had a problem with the SPA3102. Seems rock solid, although it does occasionally suffer minor echo but I think that's caused by some odd impedance on my POTS line.
_However_ I'm not entirely sure why you would use them on a "large scale" - they are perfect for home use or for a small office with a single phone line, but for largish scale stuff you'd be using ISDN on the PSTN side (SS7 or SIGTRAN for even larger stuff) and on the internal side you may as well chuck out your POTS phones and get SIP ones,
Re: (Score:2)
Name a decent alternative?
There is a standard called SIP [wikipedia.org] for Internet voicecalls and a vast number of softphone programs, and hardphones, which support it. Call me using Twinkle, Linphone, Ekiga or whatever softphone you want, they all support SIP like my wireless Siemens SIP phone and they all make my phone ring when you dial it.
Re: (Score:2)
Re: (Score:2)
Does it support text chat? I use Skype mainly for text chat, but sometimes I also call and use it as voice chat for games (not having the voice chat app and the game on the same computer is helpful).
Re: (Score:2)
Does it support text chat? I use Skype mainly for text chat, but sometimes I also call and use it as voice chat for games (not having the voice chat app and the game on the same computer is helpful).
SIP does support text chat (although I don't think it is widely supported by the VoIP servers), but what's wrong with XMPP for text chat anyway?
Re: (Score:2)
The need to have multiple programs for basically the same function. Skype can do text chat, file transfer (not great, but still), voice calls, video calls. You can also find new contacts by their username or email.
If you needs 3 different programs to achieve that then it is likely that you and your friends will start using different possible incompatible programs which will end up with people installing multiple programs because various people will use different programs.
I now use Google Talk and Skype beca
Re: (Score:2)
I now use Google Talk and Skype because some of my contacts prefer one or the other. It would suck if I needed to use 3 different types of programs programs (1 for chat, 1 for file transfers and 1 for voice) but my contacts chose different incompatible programs (as it is now with Skype and GTalk).
Generally there is little problem transparently gatewaying between open protocols such as XMPP (which is used by Google Talk, and many other IM services). The reason you are having to use 2 incompatible programs is because Skype is proprietary.
Re: (Score:2)
Re: (Score:1, Insightful)
It is proprietary, centralized, bloatwared, closed, and bandwidth intensive. Simply fixing one of this is not an improvement on the situation.
I like FOSS as much as the next guy but making things open source does not magically eliminates any of these problems. I've seen plenty of FOSS code that suffers from being centralized, bloatwared and bandwidth intensive plus being insecure, badly designed, counterintuitive to use, .... , the list goes on. Bad coders are bad coders no matter where they work.
...then maybe a non-crashy linux client will be your savior.
Halleluja!!!
Re: (Score:3, Informative)
It is proprietary, centralized, bloatwared, closed, and bandwidth intensive.
maybe a non-crashy linux client will be your savior.
There are about 500 million Skype accounts.
40 million or so people using the service on any given day. Skype [wikipedia.org]
You don't "dial out" to stress-test the technology - you dial out in the hope that someone will be there to answer your call.
Re: (Score:2)
Re: (Score:2)
But is has one main advantage over all other clients: decent encryption. When governments start complaining they can't decrypt the calls, like the Indian did, you know you're on the right track.
Didn't the Chinese government end up arresting rather a lot of people based on the contents of supposedly encrypted instant messages that had been supplied to them by Skype?
Re: (Score:2)
Add to that - its "state of the art cryptography" is highly questionable. RC4 is a prehistoric algo.
While it is not a bad algo per-se it is extremely easy to f*** up at the implementation level. WiFi is one example of such royal cockup. There are others.
I would not trust a proprietary system that has not been open to scrutiny to implement RC4 based crypto correctly.
C&D (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
If you're going to queue them, go in order: 1. There's only one cease and desist coming, right? If you're counting down, you're probably cueing.
Universal v. Reimerdes (Score:3, Informative)
A C&D for a clean-room reversed engineering of a publicly-available algorithm? Methinks not.
Methinks so. Universal v. Reimerdes.
US Government likely already broke it (Score:1, Interesting)
Re: (Score:2)
Well (Score:2, Interesting)
sooo... (Score:1)
Re: (Score:2)
As I'm reading TFA, it seems to me it's just a modified version of RC4. Hardly terribly interesting or new.
Re: (Score:2)
but nothing beats my 10xROT13 cipher! It's encrypted 10 times!. 10 times I tell ya! Try and beat that Citizen Protector....or whatever the NSA is calling it these days...
Re: (Score:1)
but nothing beats my 10xROT13 cipher! It's encrypted 10 times!. 10 times I tell ya! Try and beat that Citizen Protector....or whatever the NSA is calling it these days...
Mine goes to 11
Re: (Score:2)
Re: (Score:2)
but nothing beats my 10xROT13 cipher!
Except my 11xROT13 cipher.
It's, like, one louder.
Wasn't this done years ago? (Score:5, Interesting)
On the Wikipedia page http://en.wikipedia.org/wiki/Skype_protocol [wikipedia.org] I see presentations from 2004 and 2006 about reversing Skype, including its encryption. What's new here compared to the previous work?
Re: (Score:1)
On the Wikipedia page http://en.wikipedia.org/wiki/Skype_protocol [wikipedia.org] I see presentations from 2004 and 2006 about reversing Skype, including its encryption. What's new here compared to the previous work?
Nothing. The references in your links were for academic and industry consumption. The Register article was for public consumption.
That's about the only thing I can figure.
Re: (Score:2)
You mean this time someone's making money on every click, and is probably crapping their piggy-bank upon getting the article submitted to slashdot...
Re: (Score:2, Funny)
What's new here compared to the previous work?
The date.
implications? (Score:4, Insightful)
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known. This is why you can have software like GPG and the zillion open source AES implementations and still use them to reliably protect data from interception.
What would weaken Skype's security was if someone found a shortcut (by way of a bug or design flaw) to decrypting the data without knowledge of the keys being used. According to TFA, this is what the O'Neill is working on now.
That said, the source material that O'Neill provided mentions only symmetric ciphers, which means that the keys might be buried in the Skype binaries somewhere. If that's the case, then finding those would break Skype's encryption wide open. But I rather doubt that will happen. We're only seeing part of the story here and I'd bet dollars to donuts that they're using one or more asymmetric ciphers somewhere to transmit keys for the symmetric ciphers.
Re:implications? (Score:5, Informative)
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known
ROT13 isn't secure when it's known.
Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.
Re: (Score:3, Informative)
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known
ROT13 isn't secure when it's known.
ROT13 isn't encryption. It's a trivial unkeyed encoding.
Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.
RC4 is also a widely-known and deeply-studied cipher. It has some known weaknesses, but workarounds for those weaknesses are also known. It's also very efficient and a stream cipher is the right kind of cipher for this application. I agree that there are better alternatives, but unless they mucked up the implementation, there's every reason to believe that Skype's encryption is secure.
Re: (Score:2)
Perhaps secure from a random researcher, but not secure from a dissident's point of view. If the encryption is not end-to-end (with client-managed PKs), then it is useless, even if it's strong and secure.
The problem is, no one knows if the link is only encrypted between the clients and the server, or only encrypted between the clients. We also don't know if each client maintains its own private asym
Re: (Score:3, Insightful)
Yes, achieving end-to-end secrecy requires much more than just using a secure encryption algorithm correctly. I was only addressing the cipher.
Re: (Score:2)
ROT13 is an acceptable form of encryption even when everyone knows what it is, assuming that the third party that isn't supposed to see it can't see it before its useless.
No encryption is perfect. All are 'breakable' in the loosest sense of the word. The question is can you decrypt the data before it is of no value to decrypt it.
Considering 99.9999999999999999999999999% of the traffic sent using the Skype protocol has no value to anyone other than the parties involved anyway than the strength of the encry
Skype may have better security than you think (Score:3, Interesting)
Cryptome hosts this 2007 document:
http://cryptome.org/isp-spy/skype-spy.pdf [cryptome.org]
* Skype can provide records showing account creation, financial transaction and use of PSTN interconnections
* Due to the way by which Skype works, Skype does NOT have any records of user “logins”, “log offs” or other general online/offline status
* The Skype system is designed in such a way that voicemail is not centrally stored
* Calls, IMs and other activities between Skype users do not create billing records
E
Re: (Score:2, Interesting)
Re: (Score:3, Informative)
That depends on what you mean by "security." If "security" means having a monopoly on sales of an implementation of a popular protocol... ;-)
The big question about Skype has always been: how are the using the asymmetic stuff? How does each client know whose public key it's using?
Re: (Score:3, Insightful)
It's not about security; revealing the protocol hurts Skype's lock-in. For example, the Skype-Asterisk gateway is $66 per channel; imagine if someone created an open source version.
Re: (Score:2)
The key scheduling is what's important (Score:5, Informative)
The actual RC4 cipher has bad key scheduling issues. Because the initialization step doesn't mix the key bytes well enough into the S-box, the first bytes of the keystream (which is XOR'd with the plaintext to produce the ciphertext) leak lots of data about the key. This is a major problem with WEP (there are, of course, others). Cryptographers recommend discarding the beginning of the keystream because of this weakness. Nevertheless, RC4 is popular because it is byte-oriented and fast. Even 8-bit machines can implement it trivially.
Ultimately, it comes down to the key scheduling. If Skype has a better key-scheduling algorithm, it may actually improve security over standard RC4.
Re:The key scheduling is what's important (Score:5, Insightful)
Ultimately, it comes down to the key scheduling. If Skype has a better key-scheduling algorithm, it may actually improve security over standard RC4.
I would hope they didn't create a custom key scheduling algorithm. Odds are good that what they created would be worse. It would be much better to use the standard key schedule and discard the first 2 KB of the keystream -- which is what cryptographers suggest when using RC4.
Does this mean... (Score:2)
Does this mean we can finally have Skype protocol built into Pidgin? I would love to stop using Skype's crapware.
If publishing the scheme weakened it... (Score:2)
Then that would have to be one crappy encryption algorithm.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If the person who did it was American, or if an American uses the code then sure.
Re: (Score:3, Insightful)
Oh, this could be used for interoperability - something explicitly allowed under DMCA. It's just like reverse engineering Word's .doc format.
Re: (Score:2)
The DMCA only covers copyrighted content protection, not things like garage door openers.
You could argue that the contents of the communication are a copyrighted performance created by the two participants, but it probably wouldn't hold much weight in court.
Re: (Score:2)
Re: (Score:2)
Exactly. It's connecting to a server you don't control FFS. Almost the whole thing is a big black box. Like landlines and cell networks, I consider it unsecure.
If you want secure VoIP, run SIP or IAX through a VPN containing only trusted devices.
Re: (Score:2)
Because it's easy to setup, uses strong AES crypto, goes through firewalls, and is free....