[Dshield] Question on Skype
Valdis.Kletnieks at vt.edu
Fri Feb 17 16:36:08 GMT 2006
On Fri, 17 Feb 2006 09:10:38 MST, Richard Roy said:
> to ip and over the internet is it secure? I see it uses Rijndael
> encryption, but I thought I remembered reading some time ago that this
> type of encryption could be cracked theoretically.
Rijndael is now known as AES. Although there's some *very* interesting
work going on against AES, the current *realistic* threat from attacks
against the cypher itself is essentially *zero*. The current "breaks"
against AES basically mean that an attacker can do certain things using
only a few thousand CPU-years of computation, rather than a few hundred
thousand CPU-years. It's *still* in the range where if somebody is even
*trying* to break it, it means you're on the you-know-what list of either
a very large TLA or the owner of a very large botnet.
And in *either* case, the fact they can break your crypto is the *least*
of your problems.... ;)
As always, the *real* issues are key management:
1) It doesn't matter *WHAT* crypto you use, if you're using a Windows box
that has 17 different spyware and keyboard sniffers on it, it's Game Over.
That's your *biggest* problem in securing *anything* today.
You can't do trusted *anything* on a platform you don't trust.
2) Shoulder surfing of passphrases, passwords written on post-its, and all
the related ones. You know the drill here too.
And as usual, all of the above allow compromise of the communication without
any cryptographic breaks....