Efim Bushmanov, a freelance researcher, posted to his blog "You have unique chance to take a look on skype internal protocol and encryption. You will see what it uses strong AES and RSA encryption with public key infrastructure .. most of hard things already done(for 1.x/3.x/4.x versions of skype). Including rc4 and arithmetic compression .. It will not work at all on any 5.x skype and will not work for 3.x/4.x without new 'login' certificate(they call it 'credentials'). Cert issued by skype login server each time when you enter password, or once in around 30 days if you mark 'remember password' checkbox".
How long will it take skype to make the necessary changes? DPI vendors are challenging the protocol for several years now (see "Is it Possible to Block Skype with DPI ?" - here) and Skype always comes up with one more thing, keeping the vendors away from full decoding (for example - identifying the media type used so voice could be discriminated, while other media session wont).
Anyway, in the meantime some people may (?) find this valuable, at least as reading material.
No comments:
Post a Comment