The user, encrypted with their password. Its roamable but the keys were
end2end encrypted with the user password. The independent audit skype paid
for of their crypto design is probably still online. (Though possibly no
longer valid).
We dont know if they are uploading the urls over a side channel for
anti-malware or pulling them out of the MITM stream on the server. I think
you could tell simply without reverse engineering: just paste lots of long
urls and sniff the traffic volume vs pasting lots of the same amount of text
without urls. Someone want to try that before they take it down?
Adam
On Mon, May 20, 2013 at 10:46:11AM -0700, Jonathan Thornburg wrote:
On Mon, 20 May 2013, Jeffrey Walton wrote:
The original Skype homepage (circa 2003/2004) claims the service is
secure: "Skype calls have excellent sound quality and are highly
secure with end-to-end encryption."
(http://web.archive.org/web/20040701004241/http://skype.com/).
But who had (has) the keys to that encryption?
--
-- "Jonathan Thornburg [remove -animal to reply]"
<jth...@astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
on sabbatical in Canada starting August 2012
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
