[VOIPSEC] regarding skype's usefulness in the enterprise

Tony Carter tcarter at entrusion.com
Wed Jan 4 15:18:35 PST 2006


> and it's proprietary encryption.  there are some simply rules 
> in the crypto world, one of which is "if it's not a reviewed 
> crypto scheme you should assume it is suspect".  skype's 
> crypto is proprietary.  It's been reviewed, in a very limited 
> fashion, and the review doesn't read to some like it's ok.  

Rodney,
Are you reading the same evaluation that was published here:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf ?
Skype's security was reviewed by a respected cryptographer  and does use
standards based cryptography.

Read: "Skype uses only standard cryptographic primitives to meet its ends,
which is a sound engineering approach. These primitives include the AES
block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature
padding scheme, the SHA-1 hash function"..

-Tony





More information about the Voipsec mailing list