[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] more on Skype security evaluation
Begin forwarded message: From: Laurent GUERBY <laurent@guerby.net> Date: October 25, 2005 9:45:20 AM EDT To: dave@farber.net Cc: Ip Ip <ip@v2.listbox.com> Subject: Re: [IP] more on Skype security evaluation
From: Lauren Weinstein <lauren@vortex.com> [...] Naturally, the code is expected to continue its evolution. But the intractable problem with proprietary crypto systems is that even if we know what they are doing today, we don't necessarily have any way to figure out what they're doing tomorrow, either in terms of accidental or purposeful weaknesses. [...]
No need for new versions: the build process used for Skype real release could compile sources other than the audited sources, the audit could have missed a hidden "thread" in some obscured source part getting the user secret key / passphrase while it's still in memory and shipping it somewhere (or storing it for later uses - obviously not having observed odd behaviour now does not mean there is no possible activation of odd behaviour), etc... Proprietary software vendors will never ever be able to reach security and trust levels offered to users by true open source sofware where anyone can see the code and build his own binary with his own compiler setup (yes I read "Reflections on Trusting Trust" :) or use one from the most trusted amongst open source packaging companies competing on ... trust. Laurent PS: gnomemeeting over openvpn does work for me. ------------------------------------- To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC