[VOIPSEC] regarding skype's usefulness in the enterprise
Tony Carter
tcarter at entrusion.com
Wed Jan 4 17:18:35 CST 2006
> and it's proprietary encryption. there are some simply rules
> in the crypto world, one of which is "if it's not a reviewed
> crypto scheme you should assume it is suspect". skype's
> crypto is proprietary. It's been reviewed, in a very limited
> fashion, and the review doesn't read to some like it's ok.
Rodney,
Are you reading the same evaluation that was published here:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf ?
Skype's security was reviewed by a respected cryptographer and does use
standards based cryptography.
Read: "Skype uses only standard cryptographic primitives to meet its ends,
which is a sound engineering approach. These primitives include the AES
block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature
padding scheme, the SHA-1 hash function"..
-Tony
More information about the Voipsec
mailing list