Re: Encrypted traffic dropped?

From: Alexander Klimov <alserkli@xxxxxxxx>
Date: Sun, 21 May 2006 13:32:17 +0300 (IDT)

On Thu, 18 May 2006 barcajax@xxxxxxxxx wrote:

I have recently installed SimpLite-MSN software
(http://www.secway.fr/us/products/simplite_msn/) to encrypt my IM
messages.

First of all, it is not very smart to use non--open-source software
for real security.

There is infinite number of ways how RSA and AES can be used to create
insecure protocol. Apparently, there is no specification of the
protocol they use...

For this software to work, it requires both the sender and
receipient to both have this software installed and running during
the IM session. SimpLite behaves as a proxy so MSN Messenger talks
to SimpLite locally and SimpLite will exchange traffics with the MSN
network.

It is not clear: they use the messenger protocol with encryption
of the messages, or they use their own protocol and convert messages
to the messenger protocol locally?

Seems that his ISP is able to recognise that the packets that are
being exchanged are encrypted and dropped accordingly because he is
able to resume using MSN Messenger only after turning off SimpLite.
Is my hypothesis correct? If yes, would anyone hazard a guess how
the ISP is doing so?

Since it is quite unlikely that ISP checks whether messages are plain
text or cipher text, I guess that they use their own protocol, and
this protocol or (more likely) the ports it uses are blocked.

It is possible to distinguish plain text from cipher text using the
entropy estimates: cipher text looks like a stream of random numbers
and is not compressible, but plain text is easily compressible. ISP
can just calculate what is the compression ratio of a message and acts
accordingly. (Of course, this strategy can be easily neutralized by
using steganographic techniques.)

--
Regards,
ASK

References:
- Encrypted traffic dropped?
  - From: barcajax

Prev by Date: Re: Wireless Security (Part 2)
Next by Date: MS Audit logs
Previous by thread: Encrypted traffic dropped?
Next by thread: Re: Article: "Security Absurdity: The Complete, Un
Index(es):
- Date
- Thread

Relevant Pages

Re: Newbie question
... You are trying to create the equivalent of a federated identity management ... using a custom protocol of your own design. ... it does place demands on your partners to implement ADFS on their ... Will my corporate partners be able to encrypt their data using the RSA ...
(microsoft.public.dotnet.security)
Re: Where do the random numbers come from?
... just using an established protocol is that resources on my client are ... >>encrypt with RSA and the servers public key. ... >>just initializes the random numbers generator with the ...
(comp.security.ssh)
Re: Where do the random numbers come from?
... > encrypt with RSA and the servers public key. ... I presume you mean "AES key" here. ... your protocol is ... very susceptible to a Trojan horse attack. ...
(comp.security.ssh)
Re: Crack MSN hashes?
... The MSN Messenger uses the MSNP Protocol. ... Trust everyone just don't trust the devil inside 'em ... Subject: Crack MSN hashes? ...
(Pen-Test)
Re: Authentication
... A uses the password to encrypt A_public and sends this to B. ... >>What about the following protocol that differs from EKE? ... > look like a valid public key. ... > redundancy to let this attack work. ...
(sci.crypt)