lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 20 Jun 2008 17:35:46 +0200
From: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: How to encrypt voice skype calls?

Arturo 'Buanzo' Busleiman wrote:
> I'm pretty sure an alsa (sorry, no windows here) audio 
> encryption/decryption plugin could be
> written, and have that mic/speak interface be used by skype.

Be careful!

Scrambling != encryption !!!!!

Scrambling it's applied to an analog signal to convert some frequencies.

SIGSALY it's Secure Digital Voice Communications in World War II:
 - http://en.wikipedia.org/wiki/SIGSALY
 - http://www.flickr.com/photos/44165698@N00/2534235949/


If you scramble your voice, staying within the frequencies allowed by 
the narrowband compression codec used by skype you cannot have a full 
digital path on which encipher a data stream with a good encryption 
algorithm (that process bucks of data and not frequencies).

There are no secure scrambling technology.

The only way to secure a voice path is to have a digital path enciphered 
on which you put the compressed voice sample.

But working on the "analog" processing the voice before it's compressed 
it's NOT an option.

For such reason i was wondering how this could be accomplished on a 
Skype based call.

Maybe by enciphered audio samples directly in the memory of skype:

- Hooking into skype to encipher audio samples before they are packed in 
a frame?
- Hooking into skype to encipher audio samples after they are packed in 
a frame?

Or maybe by leveraging the skype transport for the "digital path" and 
using our own encoding/decoding framework:

- Changing some bunch of data (from offset X to offset Y) in the ip 
packets "on the net"? (There's some checksum?)

Are all funky ideas, but i mean, i don't trust skype :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ