7 AM
> To: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]
>
> Wasn't there a rumor last year that Skype didn't do any encryption
> padding, it just did a straight exponentiation of the plaintext?
>
> Would that be
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk
> Gesendet: Freitag, 28. Oktober 2005 06:07
> An: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation]
>
&
Wasn't there a rumor last year that Skype didn't do any encryption
padding, it just did a straight exponentiation of the plaintext?
Would that be safe, if as the report suggests, the data being
encrypted is 128 random bits (and assuming the encryption exponent is
considerably bigger than 3)? Seems
hy@metzdowd.com; [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]
On 10/23/05, Travis H. <[EMAIL PROTECTED]> wrote:
> My understanding of the peer-to-peer key agreement protocol (hereafter
> p2pka) is based on section 3.3 and 3.4.2 and is something like this
On Mon, 24 Oct 2005, cyphrpunk wrote:
> Is it possible that Skype doesn't use RSA encryption? Or if they do,
> do they do it without using any padding, and is that safe?
You may want to read the report itself:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
an
On 10/23/05, Travis H. <[EMAIL PROTECTED]> wrote:
> My understanding of the peer-to-peer key agreement protocol (hereafter
> p2pka) is based on section 3.3 and 3.4.2 and is something like this:
>
> A -> B: N_ab
> B -> A: N_ba
> B -> A: Sign{f(N_ab)}_a
> A -> B: Sign{f(N_ba)}_b
> A -> B: Sign{A, K_a
- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the cover
- Forwarded message from "Steven M. Bellovin" <[EMAIL PROTECTED]> -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
Date: Sun, 23 Oct 2005 09:48:37 -0400
To: cryptography@metzdowd.com
Subject: Skype security evaluation
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
Skype has releas
That's a fairly interesting review, and Skype should be commended for
hiring someone to do it. I hope to see more evaluations from vendors
in the future.
However, I have a couple of suggestions.
My understanding of the peer-to-peer key agreement protocol (hereafter
p2pka) is based on section 3.3