Friday, January 21, 2005

Skype and homeland security

I mentioned in an earlier post that I often use Skype, a free voice over IP (VOIP) application, to communicate with physicists in foreign countries. I just learned that Skype connections are encrypted using 256 bit AES, negotiated using 1024 bit RSA. This level of encryption is essentially unbreakable with current computing power. The Feds (with the possible exception of the NSA, and they would have to work very hard to break even a single session) have no chance of eavesdropping on any Skype conversation.

It is true that Skype is closed-source, so it isn't easy to verify that the crypto implementation doesn't have any holes or backdoors. However, given the number of users and the negative consequences for the company of any privacy issues, I suspect that it works as advertised.

The Skype site claims over 52 million downloads of their client. University network administrators are already struggling to define campus usage policies for it and other VOIP applications. If I were a bad guy in search of technology that is (a) innocuous, (b) freely available and (c) secure, I would look no further.

A little VOIP calculation: I noted here that bandwidth costs about $.50 per GB. Now, 10 KBps is enough bandwidth for a VOIP call with excellent sound quality, so a one minute call uses less than 1 MB. This means that the bandwidth cost of a VOIP call is less than .05 cents per minute - perhaps as little as .02 cents.

7 comments:

Anonymous said...

Skype is wonderful.

Anne

Anonymous said...

I love this blog, and wait on some of a physicist's thoughts on art :)

Anne

Anonymous said...

Steve,

What is your take on elliptic curve cryptography? Do they have any computational advantage over prime number factorization based algorithms of similar strength?

MFA

Steve Hsu said...

ECC is a bit less CPU intensive, so used on smart cards, etc. A lot of european financial firms have big bets on ECC.

My feeling is the number theory "hardness" of breaking ECC is less understood than factoring (central to RSA), although now that I say that I'm not sure why as they both boil down to taking discrete logs.

IIRC, there was a kfluffle a few years back when someone made a big claim about being able to break ECC, and many big companies were scrambling to sort it out. Turned out to be a false alarm, though.

Don't tell anyone, but I have an idea for a screenplay: imagine there is some Asperger-like kid who can immediately factor huge numbers in his head, and therefore break RSA (doesn't sound entirely implausible to me). Imagine what happens when governments find out he exists... (Or maybe there are many more like him, occupying a sea of cubicles at NSA, Fort Meade.) Sounds better than the premise for that new TV show, Numb3rs.

Anonymous said...

Actually, you are really on to something! Delete these blog entries and sell your script. There are millions of dollars/euros at stake! (Forget about getting off the hedonic treadmill!)

The story line is not at all implausible. After all, there was the untrained mathematical genius Ramanujam who seemed to know numbers intimately.

The more I think about it, the more it sounds like a great premise for a show, and a movie with sequels, merchandising, and what not!

Likely, NSA will forbit the script being released on national security reasons... :)

PS: I appreciate your broad interests; somehow tweaking the gauge groups, and trying desperately to save the model, by many arbitrary fine-tunings and even more complexity, does not sound that exciting to me :)

Steve Hsu said...

Ramanujan's was the kind of mysterious brain I had in mind for the script :-)

BTW, although I descended from a long line of model-builders (including H. Georgi), I am not a huge fan of it myself. The field these days is in a speculative frenzy, and lots of hard problems go unattacked.

Anonymous said...

To those just think skype is vonderful to use:

Skype is a selfish software and took other software's bandwith for itself usage. That's why it feels better than others. If that's a standard way later, every software using same way, internet will full of waste traffic and nothing will working well.

Blog Archive

Labels