

Skype's obfuscated RC4 algorithm leaked; discoverers open code for review - effigies
http://www.enrupt.com/index.php/2010/07/07/skype-biggest-secret-revealed

======
HaltingState
Website is down. Someone cache this website.

~~~
steve19
Article text ...

"

For over 10 years, Skype enjoyed selling the world security by obscurity. We
must admit, really good obscurity. I mean, really really good obscurity. So
good that almost no one has been able to reverse engineer it out of the
numerous Skype binaries. Those who could, didn’t dare to publish their code,
as it most certainly looked scarier than Frankenstein.

The time has come to reveal this secret. <http://cryptolib.com/ciphers/skype>
contains the greatest secret of Skype communication protocol, the obfuscated
Skype RC4 key expansion algorithm in plain portable C. Enjoy!

Why publish it now? - It so happened that some of our code got leaked a couple
of months ago. We contacted Skype reporting the leak. Only weeks later, our
code is already being used by hackers and spammers and we are abused by Skype
administration. I do not want to go into any finger-pointing details here, but
naturally, we do not wish to be held responsible for our code being abused. So
we decided that the time has come for all the IT security experts to have it.
Why let the hackers have the advantage? As professional cryptologists and
reverse engineers, we are not on their side. Skype is a popular and important
product. We believe that this publication will help the IT security community
help secure Skype better.

However, for the time being, we are not giving away a licence to use our code
for free in commercial products. Please contact us if you need a commercial
licence.

It is not all security by obscurity of course. There is plenty of good
cryptography in Skype. Most of it is implemented properly too. There are seven
types of communication encryption in Skype: its servers use AES-256, the
supernodes and clients use three types of RC4 encryption - the old TCP RC4,
the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use
AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all.
If you want to know more, come to Berlin for 27C3 to hear all the juicy
details on how to use this function to decrypt Skype traffic.

With best regards, Skype Reverse Engineering Team"

------
suxargs
How come the skype protocol havent been reverse engineerd and 3rd party
clients been implemented years ago?

Most things popular like this already are, and also the official client suck
balls, so extra motivation there.

