||This article may be too technical for most readers to understand. (August 2009)|
- how private are my private conversations in Skype?
- much better than other easy-to-use Messengers.
- Can the NSA listen-in or monitor chat sessions for keywords and identify the users involved?
- probably not very well due to the distributed network.
- AES256 is considered pretty safe, the security of the encryption depends on the security of the key exchange mechanism. Skype could send the keys directly to an eavesdropper. But the probably easiest way to listen to skype communication is to compromise the computer running skype.
- probably not very well due to the distributed network.
22.214.171.124 22:29, 28 June 2007 (UTC)
- I am left asking myself the same questions! The article plainly states that Communication is encrypted using RC4; the method used does not provide any privacy.
- But, hello! If the traffic is encrypted it DOES provide SOME privacy. If it would provide NO PRIVACY then the author knows something that we don't. IMHO this is unacceptable behaviour in the wikipedia world. Please clarify this aspect or tell us why you cannot. (The NSA is controlling wikipedia content?)
- 126.96.36.199 (talk) 11:06, 2 July 2008 (UTC)
- Right and Wrong. The above paragraph is right in mentioning the Skype security article, which states (sic): Skype uses 256 bit AES encryption to encrypt communication between users, complicating the decryption of these communications. Skype's encryption is inherent in the Skype Protocol and is transparent to callers. Because of this integration the communication between users is considered to be private, although several security concerns exist. I'm just about to remove the stupid remarks about using "...256 bit AES encryption to encrypt" and "complicating the decryption of these communications" in that article, the latter being exactly what encryption algorithms are supposed to do. But it's wrong in stating that such issues "do not belong" into this technical article. If the 'article about the wheels and springs' speak about a clock that has no accuracy, then the article is worthless. -AVM (talk) 22:33, 24 April 2011 (UTC)
Baset and Schulzrinne used:
Biondi and Desclaux used:
Techniques used to defend the Skype binary
Skype relies heavily on code obfuscation:
- Much of the skype binary is encrypted. It provides its own unpacker which erases the original import table as it is loaded.
- Code integrity checksums, executed randomly, and obfuscated with random lengths and random operators
- attempt to identify breakpoints and trap the debugger.
- target specific debuggers by checking for certain loaded drivers
- General code obfuscation with fake error handlers that directly manipulate memory and registers. —The preceding unsigned comment was added by Pgr94 (talk • contribs) 14:11, 7 December 2006 (UTC).
Skype protocol implementations
Can someone who knows please add a section listing implementations? I'm not talking about wrappers around the Skype binary client, but actual new code. The official client is obviously an implementation, it appears ++skype may also be one. Are there any others?
- I'm not really sure what ++skype is. Is it just a wrapper? I'm not aware of any other implementations, but would also be interested to know if anyone has started a GPL project. Pgr94 17:14, 27 May 2007 (UTC)
- According to User:188.8.131.52 "++Skype library is a library for the API of the software and not for the network." Pgr94 09:51, 18 June 2007 (UTC)
- Fring does in fact do skype voice, but I don't know if it's encrypted. fring! --TIB (talk) 16:47, 2 June 2008 (UTC)
Fair use rationale for Image:Skype logo.png
Image:Skype logo.png is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.
Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.
If there is other other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.BetacommandBot 05:53, 6 June 2007 (UTC)
start 2. send UDP packet(s) to HC 3. if no response within 5 seconds then 4. attempt TCP connection with HC 5. if not connected then 6. attempt TCP connection with HC on port 80 (HTTP) 7. if not connected then 8. attempt TCP connection with HC on port 443 (HTTPS) 9. if not connected then 10. attempts++ 11. if attempts==5 then 12. fail 13. else 14. wait 6 seconds 15. goto step 2
- That kind of omission is OK for pseudo code as it helps readability. It is not OK in real code of cause.
Skype protocol leak
The obfuscated Skype RC4 key expansion algorithm has been leaked and is available in portable C code. Code is available here: http://cryptolib.com/ciphers/skype/ pgr94 (talk) 19:00, 12 May 2011 (UTC)
in 2003 MS made an AntiTrust Settlement, in which they told to publish a lot of interoperability data, including "proprietary communications protocols". I bet Skype protocol fals into the definition ? i wonder if someone would push Microsoft into making the protocol public. 184.108.40.206 (talk) 20:00, 14 May 2011 (UTC)
Skype protocol reverse engineered by Efim Bushmanov
- Here is a direct link to the website: http://skype-open-source.blogspot.com/ The site appears to have received a DMCA takedown notice. Is this legal if the protocol is being reverse-engineered for interoperability? 220.127.116.11 (talk) 19:46, 8 June 2011 (UTC)
It would certainly be quite legal to reverse engineer in any european country, provided it was to create a new interoperating program (for example a 3rd party 'skype format compatible' application), and that did not make direct use of any de-compiled source-code. Reading such dis-assembled source code for inspiration, and then coming up with near identical code could probably be found illegal as would distributing it for others to do so. However reading it and coming up with some fully original work that was quite different but incidentally functionally interoperable or equivalent would not be a problem, neither would distributing it to others to read and do the same. Publishing decompiled source code for others to do with as they may is (!) a case for the well paid lawyer and his expert witness, and then publishing accross national boundries is another game again. Mike (in the UK!). — Preceding unsigned comment added by 18.104.22.168 (talk) 15:53, 26 September 2011 (UTC)