Previous | Home | Next
Bill Campbell
More by Author

Skype publishes security white paper

October 21, 2005 08:17 AM

Topics:

Finally we have the word of a third party security consultant Tom Berson, who has reviewed the Skype source code and encryption system.

His bottom line:

The designers of Skype did not hesitate to employ cryptography widely and well in order to establish a foundation of trust, authenticity, and confidentiality for their peer-to-peer services. The implementers of Skype implemented the cryptographic functions correctly and efficiently. As a result, the confidentiality of a Skype session is far greater than that offered by a wired or wireless telephone call or by email and email attachments.

Get the full report here.

I met Tom last month and we chatted about his work. He is a really great guy.

I will follow up next week with some interviews of security staff at some fortune 500 companies who have wanted to deploy Skype, but were waiting for a report such as this. Will this report satisfy their requirements? Watch this space.

Post | Email | Print | Comments (6) | TrackBack (0)



Trackback Pings

TrackBack URL for this entry:
http://www.skypejournal.com/cgi-bin/mt/mt-tb.cgi/1639

Comments

Posted by: Paul Jardine at October 21, 2005 10:41 AM

I know they got a new President, did they also get someone intelligent woring in their marketing department!?
This is a very good move by Skype, emphasising the security of the system will balance some of the non-standards-based criticisms. I hope Mr Berson has sufficient 'gravitas' to carry the day.
I have always felt that the security aspects, particulary PKI, was one of Skype's stronger points, yet it was being misrepresented by many so-called experts in the IT press.

Posted by: M. at October 21, 2005 11:15 AM

Skype was and is closed source, and its security by obscurity must therefore be seen as potentially unsecure. Reliable cryptography is open source, so why doesn't Skype make its source public?

Posted by: Bill Campbell at October 22, 2005 6:06 PM

Hey Paul!

Welcome back. I agree with you this is a very good move by Skype. About a month ago I met Kurt Skype's head of security. Another real gentleman! They need more like him in Skype.

I thinks Tom has the 'gravitas' to carry the day. We will soon find out. There are 3 Fortune 50 companies who are waiting for this report. If they deploy Skype then Tom's report card will carry the day.

Thanks for stopping by...

Regards, Bill

Posted by: MuppetMaster at October 24, 2005 6:32 AM

I do not believe this report will negate concern much, as it is incomplete at best. More on this here:

http://forum.skype.com/viewtopic.php?t=38123

Posted by: Jan Geirnaert / Tropicaljantie at October 24, 2005 9:17 AM

I will be waiting for a killer report written by an external independant entity, trying to prove that certain feature skype are not safe.

I have always had trouble believing what the inhouse "independant" analyst had to say on a product.

It's a nice report yes. It is also good public relations.

Did somebody forgot to mention the dual.triple and so on logon feature and the fact that on the harddisk you can easily retrieve the email - address of any skype account that runned on a computer, followed by the fax that the emails with the password still get send in clear text.

Apart from that all is perfect.

Posted by: MuppetMaster at October 26, 2005 9:22 AM

Ah, the timing could not be more appropraite. Indeed, this entirely invalidates the so called 'security' report:

http://forum.skype.com/viewtopic.php?t=38499

Post a comment




Remember Me?

(you may use HTML tags for style)





Other Recent Posts

Skype 3.0 Folder Pollution in Life | Products | Skype杂志 | complaints | design | ebay | skype | skypejournal | voip | wishlist on 11/22/06

Skype 3.0 Beta for Windows; bugfix build 137 in General Notices | News | Products | Skype News | Skype杂志 | ebay | skype | skypejournal | voip on 11/22/06

Skype PR Wake Up Call III: The Commentary in Business | Every Post | Ideas & Views | Marketing | Skype News | Skype杂志 | Strategy | ebay | observations | skype | skypejournal | voip on 11/22/06

Wednesday morning scan in Business | Life | Marketing | News | Products | Skype Partner Watch | Skype杂志 | Strategy | Technology | Tips & Tricks | Yahoo | counterpoints | design | ebay | freedom | observations | regulation | skype | skypejournal | voip on 11/22/06

Yes, TalkPlus reverse engineered Skype. in Developers | North America | Skype Partner Watch | Skype杂志 | Strategy | Technology | ebay | skype | skypejournal | voip on 11/21/06

Email to a friend