Jump to content
begood

Skype's encryption procedure partly exposed

Recommended Posts

Posted

Developer Sean O'Neill, famous in cryptographic circles for designing the EnRUPT hash algorithm, has released an open source Skype library that emulates the modified version of the RC4 encryption algorithm used by Skype. Skype chose to modify key generation for the stream cipher to make its product incompatible with other IM clients and ensure that it remained a closed system. However, initial analysis suggests that O'Neill's publication does not mean that Skype's encryption can be considered 'cracked'. Further study will be needed to determine whether key expansion and initialisation vector generation are secure. Because Skype has not released details of its encryption procedures, for years researchers have been trying and failing to reverse engineer the company's encryption. What is clear is that Skype uses a variety of encryption procedures. AES-256 is used to communicate with Skype's login server, SMS/event server and search servers. Supernodes and clients use the modified version of RC4 for the actual communication.

No further information is currently available – O'Neill's website, on which he announced his breakthrough, is currently offline. Even the Skype Library RC4 v1.108 download is currently offline. O'Neill has promised further details, but not until December, when he intends to present his findings at the Chaos Communication Congress in Berlin (27C3).

Until then, interested users can examine the code and use it for test purposes. Commercial usage is currently permissible only after consultation with O'Neill.

Skype's encryption procedure partly exposed - The H Security: News and Features

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...