Skype Security Report Raises Questions

It seems that the independent security evaluation of their product may have raised more questions than it answered.

In particular, concerns have been raised regarding:

  • Use of 1024-bit key for the RSA crypto
  • use of RC4, since if not done properly, can be easily defeated
  • Skype itself can impersonate anyone should it want to do so
  • For more details, see Skype’s Security Gaffe by Larry Loeb