Re: [EMAIL PROTECTED]: Skype security evaluation]
That's a fairly interesting review, and Skype should be commended for hiring someone to do it. I hope to see more evaluations from vendors in the future. However, I have a couple of suggestions. My understanding of the peer-to-peer key agreement protocol (hereafter p2pka) is based on section 3.3 and 3.4.2 and is something like this: A -> B: N_ab B -> A: N_ba B -> A: Sign{f(N_ab)}_a A -> B: Sign{f(N_ba)}_b A -> B: Sign{A, K_a}_SKYPE B -> A: Sign{B, K_b}_SKYPE A -> B: Sign{R_a}_a B -> A: Sign{R_b}_b Session key SK_AB = g(R_a, R_b) 0) The p2pka allows us to use a peer as a signing oracle for nonces by performing steps 1 through 4. Only the one-wayness of f (specified only as "modified in a standard way") stands in the way of arbitrary forgery, which would allow us to bypass the security on steps 3, 4, 7, and 8. It would not stop us from knowing the session key, since there is no restriction on the form of R_a or R_b. 1) It's not clear that the identity certificates are bound to a [externally visible] network [source] address at registration time. IMHO, this would be a good idea. 2) He implicitly ignores the fact that the skype key is a trusted CA, so skype can impersonate anyone (or delegate that impersonation by signing a bogus ID). This is obvious to a cryptographer but should be mentioned for the layperson. An evaluation should explicitly specify who must be trusted by whom, and everyone must trust the Skype registrar. 3) It looks like the peer-to-peer communication involves the same key, SK_AB, in both directions, opening the door for keystream re-use, but there's 64 bits of presumably random salt so it shouldn't be very common. Vagueness: 1) They use an unencrypted 2-byte CRC on each packet between peers. Undetected modification to a packet is possible, since the CRC is computed over the encrypted data and stored en clair. In this case, arbitrary bits can be flipped, the CRC recomputed, and no future packets depend on the current packet, so there's no tell-tale garbling afterwards like there is in most other block modes. He alludes to this in section 3.4.4 but doesn't really specify the impact, merely compares it to WEP. 2) The session established with the Skype server during registration is protected with a 256-bit key, which is random, but he doesn't say how the client and Skype agree on it. 3) It's not clear why they used rc4 instead of ICM to generate key material, but at least it's not being used for confidentiality. 4) The details of the random number generation are vague ("makes a number of win32 calls"). 5) The details of the SK_AB key composition are vague ("combined in a cryptographically-sound way"), shown by g in the p2pka above. 6) It doesn't say who sends the nonces first --- is it the recipient of the connection, or the initiator? Can we DoS people by repeated connections triggering digital signatures? 7) It doesn't say whether it's a TCP or UDP protocol, what ports it uses, etc. I'm curious if it will work through NAT at both ends. 8) The skype server's timeout on login passwords can be used for a denial-of-service against the registration protocol and doesn't affect username guessing (fixed password variable username, a/k/a "reverse hack"). 9) It doesn't specify how the salts used in ICM mode are communicated. 10) It doesn't specify how streams are created and numbered. It'd be nice to see the protocol clearly specified and analyzed via automated means (finite state analysis via murphy, etc.). Obsession with performance: He makes no fewer than six comments about performance (of the AES code, of the modular exponentiation, of the primality testing, of modular inversion, of multi-precision arithmetic libraries, and SHA-1 implementation), which should normally be the least of anyone's worries, especially cryptographers. Is this is a security evaluation, or a performance test? However, since we're talking about real-time audio streams, perhaps some discussion of the bandwidth and especially latency of the p2p protocol would be in order. Unfortunately, there's no quantification ("... performs favorably in terms of clock cycle per encryption"). Trust us: Finally, the whole thing is closed source, so none of it is easily verifiable. We just have to take his word on it, and often he just offers opinions (see the complaints of vagueness above). Summary: All that having been said, I still have more confidence in Skype than I did before reading the paper. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Re: [EMAIL PROTECTED]: Skype security evaluation]
- Original Message - Subject: [Tom Berson Skype Security Evaluation] Tom Berson's conclusion is incorrect. One needs only to take a look at the publicly available information. I couldn't find an immediate reference directly from the Skype website, but it uses 1024-bit RSA keys, the coverage of breaking of 1024-bit RSA has been substantial. The end, the security is flawed. Of course I told them this now years ago, when I told them that 1024-bit RSA should be retired in favor of larger keys, and several other people as well told them. Joe
Re: Morris's V story
I am in good health and have always enjoyed sex. I was losing my erection during intercourse and during oral sex with my girlfriend. It was difficult to pinpoint the problem so I decided to order some Vjagrra online. I ordered my Vjagrra which arrived in several days. I ordered 4x100mg pills and on the weekend decided to give it a go without saying anything to my girlfriend ;) 35 minutes before we went to bed I took half a pill, and WOW! what a difference. I had a rock hard erection for over an hour of non stop sex. Even after I had climaxed I was ready to go again in twenty minutes, which we did. this lasted for over two hours, and I was still hard in the shower after. It was like being a teenager over again. Amazing! If you have a problem, try Vjagrra, it is great http://www.aroldow.com
[EMAIL PROTECTED]: Skype security evaluation]
- Forwarded message from "Steven M. Bellovin" <[EMAIL PROTECTED]> - From: "Steven M. Bellovin" <[EMAIL PROTECTED]> Date: Sun, 23 Oct 2005 09:48:37 -0400 To: cryptography@metzdowd.com Subject: Skype security evaluation X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 Skype has released an external security evaluation of its product; you can find it at http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf (Skype was also clueful enough to publish the PGP signature of the report, an excellent touch -- see http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf.sig) The author of the report, Tom Berson, has been in this business for many years; I have a great deal of respect for him. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] - End forwarded message - -- Eugen* Leitl http://leitl.org";>leitl __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
E-gold Account Alert Case ID Number: PR-50-95-308
** e-gold Account Information Notice ** Time of update: 22/10/2005 05:34:58 AM GMT This automatic email notice lets you know that modifications have been made to the Account Information settings for your e-gold account. The current settings for your account can be viewed and modified at the e-gold website: https://www.e-gold.com/acct/login.html Enter your account information and approve or deny the modifications made. If your account information remains unconfirmed for 72 hours, your account will be suspended. User Agreement, Section 9: we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. After the suspension of your account, please be advised that you will be prohibited from using E-gold in any way. This includes the registration of any new account. Please do not reply to this automatically generated email message.
E-gold Account Alert Case ID Number: PR-50-95-308
** e-gold Account Information Notice ** Time of update: 22/10/2005 05:34:58 AM GMT This automatic email notice lets you know that modifications have been made to the Account Information settings for your e-gold account. The current settings for your account can be viewed and modified at the e-gold website: https://www.e-gold.com/acct/login.html Enter your account information and approve or deny the modifications made. If your account information remains unconfirmed for 72 hours, your account will be suspended. User Agreement, Section 9: we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. After the suspension of your account, please be advised that you will be prohibited from using E-gold in any way. This includes the registration of any new account. Please do not reply to this automatically generated email message.
Seafood Users Manual - Great for Xmas
Title: Seafood Bookshop: Seafood Users Manual (Plus Free CD) ABOUT US | CONTACT | HOME seafoodbookshop.com Events Newsletters Fact Sheets Our Members & Partners Logon Affiliate Login Subscribe to our mailing lists Unsubscribe Specials & Discounts Consumers & Health Student & School Projects Fish Names Seafood Safety & Quality EMS & Sustainability Marketing & Trade Processing & Value Adding Training & Best Practice Publications by Species PDF Format (50% off) BUNDLES (up to 50% off) PDF Order Forms(Australia Only) Seafood Users Manual (Plus Free CD) Quantity in Basket: none Code: PU201 Price: $44.00 Shipping Weight: 2.70 Kgs Select Number: 1 Manual + 1 Free CD ($44.00) 5 Manuals + 5 Free CDs ($38.50 each) 10 Manuals + 10 Free CDs ($33.00 each) 20 Manuals + 20 Free CDs ($27.50 each) 50 Manuals + 50 Free CDs ($22.00 each) Quantity: Great Xmas Present - Buy Bulk And Save - Every Manual Comes With Free CD (PU202) Download a PDF sample of pages from the Manual Impressive 300 page, easy-to-use guide on how to buy, store, prepare, cook, and sell seafood. An excellent everyday working manual or reference for all sectors of the seafood industry including consumers. Great for staff training! The easy-to-navigate CD Rom can also be purchased individually. Publisher: FRDC/QDPI, 2000 Format: Binder 366pp Related Item(s) Code Name Price PU202 Seafood Users Manual CD Rom $11.00 Kit-24 Seafood Library - 24 great products (40% off!) $390.66 Privacy | Contact | Home