Skype Cracked?

[Guest Deleted_Account]

I was reading the post on http://www.enrupt.com/index.php/2010/07/07...secret-revealed and thought all was sound but then saw this part:

There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption - the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4

okay so am I misunderstanding, is AES not implemented properly or is this guy actually claiming to have cracked AES-256 bit ontop of RC4? and also i thought RC4 (obviously not skypes variant) was cracked along time ago? as in:

In 2005, Andreas Klein presented an analysis of the RC4 stream cipher showing more correlations between the RC4 keystream and the key.[20] Erik Tews, Ralf-Philipp Weinmann, and Andrei Pychkine used this analysis to create aircrack-ptw, a tool which cracks 104-bit RC4 used in 128-bit WEP in under a minute.[21] Whereas the Fluhrer, Mantin, and Shamir attack used around 10 million messages, aircrack-ptw can break 104-bit keys in 40,000 frames with 50% probability, or in 85,000 frames with 95% probability.

from Wikipedia

so am i missing something? or is it just the variant/implimentation skype is using? The way it's worded it sounds like he is claiming to have cracked AES-256 bit (Yah right. That is VERY unlikely)

[IOSys]

Why let the hackers have the advantage?

As professional cryptologists and reverse engineers, we are not on their side.

So, a bunch of crackers, who claim to be "professional cryptologists and reverse engineers"

CRACK a programs encryption-implementation (a clearly ILLEGAL thing to do btw )

and then start talking bad about "hackers" ?

I smell commercial bullshit !

[VaKo]

Cracker please, everyone knows the word hacker can mean good or bad things these days.

[IOSys]

Cracker please, everyone knows the word hacker can mean good or bad things these days.

No it can't .

Just because the media and the skiddies confuse the terms it doesn't make hackers crackers or vice versa .

And file-sharers aren't "pirates", despite what the media (and even the most juvenile file-sharers) want

you to believe .. "Piracy is a war-like act committed by private parties (not affiliated with any government) that engage in acts of robbery and/or criminal violence at sea" ..

Words actually have defined meanings and the words you choose to use influence peoples perception of the issue.

Edited July 13, 2010 by IOSys

[Infiltrator]

Vaco's statement is valid, there is clearly a difference between a good hacker and a bad hacker.

What just happened is a classic example of a gray hat hacker.

[VaKo]

Yes, but meanings change over time. This process is called semantic change. It is also why the word hacker is often prefixed with white, black or gray, as this helps us understand more about the specific hacker in question.

[metatron]

So, a bunch of crackers, who claim to be "professional cryptologists and reverse engineers"

CRACK a programs encryption-implementation (a clearly ILLEGAL thing to do btw )

and then start talking bad about "hackers" ?

I smell commercial bullshit !

I'd call them hackers, but it really does not matter. Also it might be illegal in the US, but contrary to what some people believe US laws do not apply to anyone outside of the US. Although they do have an extraordinary rendition program.

Edited July 13, 2010 by metatron

[psydT0ne]

Skype aint compromised...

Steve Gibson covers the details in his Security Now podcast.

The episode in question is "Last Pass"....search the transcripts for details.

[Guest Deleted_Account]

Skype aint compromised...

Steve Gibson covers the details in his Security Now podcast.

The episode in question is "Last Pass"....search the transcripts for details.

Ill have to check into that. so basically the guy is just try to get attention and is lying?

EDIT:

Here is the main part:

Yeah. It totally makes sense. Now, there were in the news in the last couple of days some stories that were a little overheated, saying that Skype's encryption had been cracked, people worrying about that. There was, essentially, some very good reverse engineering done. And I wanted to put everyone's mind at rest that Skype's encryption has not been cracked. So a guy who people believe is using a pseudonym of Sean O'Neil essentially posted that they had reverse-engineered Skype's encryption.

Now, Skype's overall cryptography architecture is really good. I've looked at it in the past just because I was curious, and I've got it on my own notes here to do a whole episode on the security architecture of Skype, much as we're going to talk about the security architecture of LastPass in this episode. We have developed over the last five years, four weeks short of five years, all of the bits and pieces we need to, where there we're talking about specific technologies. Fitting these together into systems is one of the things I want to spend some time on moving forward, and looking at how Skype works in terms of how do they use these things in order to create an architecture is something I want to do.

Well, what this Sean O'Neil, whatever his real name is, going by the name Sean O'Neil, what he, or they, have done is essentially they reverse-engineered some pieces of what Skype has done which Skype has kept proprietary. Now, essentially, we've talked about security by obscurity. That's a favorite term people like to use sort of in an absolute sense of, well, you know, if you rely on security by obscurity, then you have no security. It's certainly the case that, if you depend upon obscurity, you can't ever count on it enduring.

Quoted from here just search for skype it was the second one that showed up for me.

Edited July 17, 2010 by x942