VOIP Security

By Daniel Miessler on July 26th, 2005: Tagged as General

Looks like Phil Zimmerman (the creator of PGP) is tackling the lack of encryption in most VOIP implementations. I think this is a worthy cause, of course, but I can’t help but notice that Skype already has encryption built in to both calls and IM by default (256-bit AES/Rijndael, even).

Here’s what Skype has to say about the encryption used:

“Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.”

Skype rocks. If you’re not using it, go get yourself a copy.

--

5 Comments »

  1. I’ve been thinking about skypes security… is it possible to trace the route that the traffic takes? how do we know theres not some intermediate stop for the traffic where its being recorded? Do we take skype’s word for it?

    Jason

    Comment by Jason Ormes — 7/26/2005 @ 2:47 pm

  2. The key is the end to end encryption. Capturing data does nothing for an attacker really, unless they can crack 256-bit Rijndael.

    Comment by Daniel — 7/26/2005 @ 6:44 pm

  3. are you sure its end to end. we never create unique keys. there could be an intermediary server that you and I are talking to that decripts and then reencrypts the traffic. Unless you’ve seen something that points otherwise.

    Jason

    Comment by Jason Ormes — 7/27/2005 @ 8:38 am

  4. Yes, I’m quite sure it’s end-to-end. We do in fact create unique keys just for this purpose. Here, let me append the post with the encryption information.

    (Check the post again)

    Comment by Daniel — 7/27/2005 @ 9:37 am

  5. VoIP Security Interview with Rohan Mahy

    Open Standards VoIP Security - On the Fast Track I had the opportunity to speak with Rohan Mahy yesterday and we had some great conversation about existing and new VoIP Security specifications proposed by the IETF. We talked about TLS,…

    Trackback by SIPthat.com - Erik's daily musings on VoIP and IP Communications — 8/10/2005 @ 4:38 pm

RSS Feed For This Post...

Leave a Comment...