Talk:Skype Security

From MissionTechWiki

Skype claims to use 256 bit AES end-to-end encryption. This would seem to me that when you make a skype call, you and the person (computer) you're calling authenticate to each other and establish the encryption. If it helps, we are using 256-bit AES to encrypt our VPN connection. At the moment it is one of the most secure algorithms out there. Skype claims it does because the calls are routed through the p2p network giving "supernodes" the opportunity to eavesdrop on calls. This would seem to indicate to me that using skype is truely secure in the sense that from end-to-end point communication the traffic is encrypted and can not be spied upon. (Note: The last sentance is important, there are plenty of other ways to "spy" upon people, hidden cameras, microphones, key-loggers (and comming out are audio / video loggers as well), hacked versions of the software the duplicate the stream to the hacker... you get the idea.

Not quite sure how to publish the above info on the actual page in a format that would be good for the users.

~Dave Crim

It appears that Skype calls can be intercepted for wiretapping orders. This may only apply to SkypeIn/Out calls though.

There is a lot of FUD around about the use of skype, especially re the use in countries with strong government control, and there are specific versions for those countries. We need good clear reasoned and referenced arguments to help confirm or dispel that FUD. --DavidM 08:50, 7 March 2007 (EST)

Yup. One thing I'll say is that I understand from a security perspective why Skype refuses to release thier code as open source. While security through obscurity is a valid model, it only lasts until the obscurity is broken through. As soon as somebody reverse engineers the protocol - BAM. The reason they've done this is that while the obscurity remains intact, it makes it much harder for people to find holes in the software.

~Dave Crim