[Dshield] Question on Skype

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Feb 17 16:36:08 GMT 2006


On Fri, 17 Feb 2006 09:10:38 MST, Richard Roy said:

> to ip and over the internet is it secure?  I see it uses Rijndael
> encryption, but I thought I remembered reading some time ago that this
> type of encryption could be cracked theoretically.

Rijndael is now known as AES.  Although there's some *very* interesting
work going on against AES, the current *realistic* threat from attacks
against the cypher itself is essentially *zero*.  The current "breaks"
against AES basically mean that an attacker can do certain things using
only a few thousand CPU-years of computation, rather than a few hundred
thousand CPU-years.  It's *still* in the range where if somebody is even
*trying* to break it, it means you're on the you-know-what list of either
a very large TLA or the owner of a very large botnet.

And in *either* case, the fact they can break your crypto is the *least*
of your problems.... ;)

As always, the *real* issues are key management:
 
1) It doesn't matter *WHAT* crypto you use, if you're using a Windows box
that has 17 different spyware and keyboard sniffers on it, it's Game Over.
That's your *biggest* problem in securing *anything* today.

You can't do trusted *anything* on a platform you don't trust.

2) Shoulder surfing of passphrases, passwords written on post-its, and all
the related ones. You know the drill here too.

And as usual, all of the above allow compromise of the communication without
any cryptographic breaks....