Re: What's up with Skype in Germany?



Peter Pearson wrote:

> As I understand it, my assurance that I am talking with you
> depends only upon (1) the validity of our two respective
> copies of the Skype Certificate Authority's public key, (2)
> the secrecy of the Skype CA's private key, and (3) the
> secrecy of our two private keys, stored in our two
> computers. If your understanding differs, or if you see
> a connection between any of these points and the Skype login
> server, please elaborate.

Simply said, the Skype login server is the one who authenticates users against each other.

> If MITM is a serious threat, I believe it can be effectively
> thwarted by the simple expedient of showing each of the two
> participants a dozen digits of the hash of the shared
> secret, and encouraging them to compare.

Or by giving the users full control over their keys.

> I wish Skype would do this.

Guess why it doesn't...

>> Considering under which jurisdiction this server exists, and the history of the company that provides Skype, it's very likely that this actually happens quite often.
>
> It would greatly facilitate communications if you said something
> specific about that jurisdiction and that history.

Well, obviously the Skype login server is on US soil, which simply means the government agencies can force them to launch such a MITM attack (or cease business; guess which of the two happens...).
And the history is also obvious: Sharman Networks is also the author of the well-known P2P client "KaZaA Media Desktop", which came with Cydoor adware and a very nasty privacy policy.
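The "dozen digits of the hash of the shared secret" check Pearson proposes, as an added example that is not code from this thread or from Skype: an unauthenticated Diffie-Hellman exchange stands in for Skype's (undisclosed) key agreement, the group parameters are demo-only, and the relay, key-agreement and hash-truncation functions are all assumptions of this example. It shows that a relay in the middle ends up with both session keys, yet the two short authentication strings shown to the users agree only when no relay is present.

```python
"""Short authentication string (SAS) versus a relay in the middle of a key agreement.

Added example, not from the thread. Unauthenticated DH is a stand-in for the
real key agreement; P and G are demo parameters, not a vetted DH group.
"""
import hashlib
import secrets

P = 2**255 - 19        # demo modulus (prime); a deployment would use a standard group
G = 2
SAS_DIGITS = 12


def keypair():
    """Fresh DH private/public pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def agree(priv, peer_pub):
    """Shared secret from our private key and the peer's public key."""
    return pow(peer_pub, priv, P)


def sas(secret):
    """A dozen decimal digits derived from the hash of the shared secret."""
    digest = hashlib.sha256(secret.to_bytes(32, "big")).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**SAS_DIGITS).zfill(SAS_DIGITS)


def run(mitm):
    """Run one exchange; with mitm=True a relay substitutes its own keys on each leg."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not mitm:
        k_alice, k_bob, relay_keys = agree(a_priv, b_pub), agree(b_priv, a_pub), None
    else:
        # The relay terminates each side separately: each user sees the relay's key.
        ma_priv, ma_pub = keypair()
        mb_priv, mb_pub = keypair()
        k_alice, k_bob = agree(a_priv, ma_pub), agree(b_priv, mb_pub)
        relay_keys = (agree(ma_priv, a_pub), agree(mb_priv, b_pub))
    return {"alice_key": k_alice, "bob_key": k_bob, "relay_keys": relay_keys,
            "sas_alice": sas(k_alice), "sas_bob": sas(k_bob)}


def sas_matches(mitm):
    """True when the digits Alice and Bob read out to each other agree."""
    r = run(mitm)
    return r["sas_alice"] == r["sas_bob"]
```

Because the relay cannot influence the hash the users compare, the only way the two strings agree under MITM is a 1-in-10^12 collision.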


