Re: [Full-disclosure] How to encrypt voice skype calls?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Fabio Pietrosanti (naif) wrote: | Are all funky ideas, but i mean, i don't trust skype :) Hey, insightful response! Thanks for the details. It definitely is an interesting research area, huh? - -- Arturo "Buanzo" Busleiman Independent Security Consultant - SANS - OISSG Tired of SPAM? Slow Internet in your office? Ask me. http://www.buanzo.com.ar/pro/eng.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIW9YIAlpOsGhXcE0RCiEeAJwKSOVVdlBzqHzegre32Xd2hFsFrACfYfZJ s0xjKZf/af3rPIlb08Rutyc= =c/43 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Ureleet wrote: | but youd then run into the same problems as OTR has. its not platform | wide, and its not ubiquitous. but your idea is still good. True, but I want to emphasize the "hackish, but at least not skype-dependant" nature of the idea :) Yours, - -- Arturo "Buanzo" Busleiman Independent Security Consultant - SANS - OISSG Tired of SPAM? Slow Internet in your office? Ask me. http://www.buanzo.com.ar/pro/eng.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIW8fbAlpOsGhXcE0RCv8TAJ9VWLvcwDSShf+CvYNmjQdpcSeO1ACfQ3kJ hXTciABB6tcaw6ZtWgDdVIs= =DGb6 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
Arturo 'Buanzo' Busleiman wrote: > I'm pretty sure an alsa (sorry, no windows here) audio > encryption/decryption plugin could be > written, and have that mic/speak interface be used by skype. Be careful! Scrambling != encryption ! Scrambling it's applied to an analog signal to convert some frequencies. SIGSALY it's Secure Digital Voice Communications in World War II: - http://en.wikipedia.org/wiki/SIGSALY - http://www.flickr.com/photos/[EMAIL PROTECTED]/2534235949/ If you scramble your voice, staying within the frequencies allowed by the narrowband compression codec used by skype you cannot have a full digital path on which encipher a data stream with a good encryption algorithm (that process bucks of data and not frequencies). There are no secure scrambling technology. The only way to secure a voice path is to have a digital path enciphered on which you put the compressed voice sample. But working on the "analog" processing the voice before it's compressed it's NOT an option. For such reason i was wondering how this could be accomplished on a Skype based call. Maybe by enciphered audio samples directly in the memory of skype: - Hooking into skype to encipher audio samples before they are packed in a frame? - Hooking into skype to encipher audio samples after they are packed in a frame? Or maybe by leveraging the skype transport for the "digital path" and using our own encoding/decoding framework: - Changing some bunch of data (from offset X to offset Y) in the ip packets "on the net"? (There's some checksum?) Are all funky ideas, but i mean, i don't trust skype :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
but youd then run into the same problems as OTR has. its not platform wide, and its not ubiquitous. but your idea is still good. On Fri, Jun 20, 2008 at 8:56 AM, Arturo 'Buanzo' Busleiman <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Fabio Pietrosanti (naif) wrote: > | That' s a very interesting point... > | > | Would be possible, somehow, to make a software that encrypt skype calls > | "independently" from skype encryption? > > Absolutely. As Peter mentioned, that's called a scrambler, but you have > different things to do on > that front: Encryption, reshaping (like, making your voice sound like a > child/woman/etc), etc. > > I'm pretty sure an alsa (sorry, no windows here) audio encryption/decryption > plugin could be > written, and have that mic/speak interface be used by skype. > > - -- > Arturo "Buanzo" Busleiman > Independent Security Consultant - SANS - OISSG > Tired of SPAM? Slow Internet in your office? Ask me. > http://www.buanzo.com.ar/pro/eng.html > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFIW6kKAlpOsGhXcE0RCtSUAJ9VlmPAv730uVRm4M22MUVjh6SSlwCbBXHC > APQ2bRy00dCUB0DYb8O92q0= > =uq2J > -END PGP SIGNATURE- > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Fabio Pietrosanti (naif) wrote: | That' s a very interesting point... | | Would be possible, somehow, to make a software that encrypt skype calls | "independently" from skype encryption? Absolutely. As Peter mentioned, that's called a scrambler, but you have different things to do on that front: Encryption, reshaping (like, making your voice sound like a child/woman/etc), etc. I'm pretty sure an alsa (sorry, no windows here) audio encryption/decryption plugin could be written, and have that mic/speak interface be used by skype. - -- Arturo "Buanzo" Busleiman Independent Security Consultant - SANS - OISSG Tired of SPAM? Slow Internet in your office? Ask me. http://www.buanzo.com.ar/pro/eng.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIW6kKAlpOsGhXcE0RCtSUAJ9VlmPAv730uVRm4M22MUVjh6SSlwCbBXHC APQ2bRy00dCUB0DYb8O92q0= =uq2J -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
yeah it already it exists and it's called a scrambler (e.g SIGSALY) **On Fri, Jun 20, 2008 at 6:21 AM, Fabio Pietrosanti (naif) <[EMAIL PROTECTED]> wrote: > That' s a very interesting point... > > Would be possible, somehow, to make a software that encrypt skype calls > "independently" from skype encryption? > > Something like detecting the audio sample and enciphering it before are > sent to the ip channel and decrypted before are received by the skype > application? > > -naif > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to encrypt voice skype calls?
instead of focusing the discussion on Skype - which is not open and proprietary - we should use the standard VoIP protocols such as SIP or similar. Encryption is readily available for standard VoIP protocols and there are also alternatives such as zrtp ... On Fri, 2008-06-20 at 12:21 +0200, Fabio Pietrosanti (naif) wrote: > That' s a very interesting point... > > Would be possible, somehow, to make a software that encrypt skype calls > "independently" from skype encryption? > > Something like detecting the audio sample and enciphering it before are > sent to the ip channel and decrypted before are received by the skype > application? > > -naif > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/