Skype and homeland security

I mentioned in an earlier post that I often use Skype, a free voice over IP (VOIP) application, to communicate with physicists in foreign countries. I just learned that Skype connections are encrypted using 256 bit AES, negotiated using 1024 bit RSA. This level of encryption is essentially unbreakable with current computing power. The Feds (with the possible exception of the NSA, and they would have to work very hard to break even a single session) have no chance of eavesdropping on any Skype conversation.

It is true that Skype is closed-source, so it isn't easy to verify that the crypto implementation doesn't have any holes or backdoors. However, given the number of users and the negative consequences for the company of any privacy issues, I suspect that it works as advertised.

The Skype site claims over 52 million downloads of their client. University network administrators are already struggling to define campus usage policies for it and other VOIP applications. If I were a bad guy in search of technology that is (a) innocuous, (b) freely available and (c) secure, I would look no further.

A little VOIP calculation: I noted here that bandwidth costs about $.50 per GB. Now, 10 KBps is enough bandwidth for a VOIP call with excellent sound quality, so a one minute call uses less than 1 MB. This means that the bandwidth cost of a VOIP call is less than .05 cents per minute - perhaps as little as .02 cents.