[16751] in cryptography@c2.net mail archive


Re: Simson Garfinkel analyses Skype - Open Society Institute

daemon@ATHENA.MIT.EDU (Adam Shostack)
Sun Jan 30 01:53:26 2005

X-Original-To: cryptography@metzdowd.com
Date: Sat, 29 Jan 2005 12:45:57 -0500
From: Adam Shostack <adam@homeport.org>
To: Mark Allen Earnest <mxe20@psu.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <41FA94C9.5030901@psu.edu>

On Fri, Jan 28, 2005 at 02:38:49PM -0500, Mark Allen Earnest wrote:
| Adam Shostack wrote:
| >I hate arguing by analogy, but:  VOIP is a perfectly smooth system.
| >Its lack of security features means there isn't even a ridge to trip
| >you up as you wiretap.  Skype has some ridge.  It may turn out that
| >it's very very low, but it's there.   Even if that's just the addition
| >of an openssl decrypt line to a reconstruct shell script.
| >
| >In that case, the value of 'better' is vanishingly small, but it will
| >still take an attacker at least 5 minutes to figure that out.
| 
| I would contend that a false sense of security is worse than no security 
| at all. Someone's behavior may be different if they are wrongfully 
| assuming that their communications are encrypted by what they believe is 
| strong encryption when in fact it may be "very very low".

I fully agree with you that, if people had a sense of how their
conversations could be eavesdropped on, then this would be the case.
But, given what people talk about on their cell phones and cordless
phones, and what they send via unencrypted email, they are acting like
they think their communications are secure in the absence of any
encryption.  So I don't think adding some 'cryptographic mumbo jumbo'
is going to change their sense of security in the wrong direction.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
