Comments

tommy May 27, 2011 4:27 PM

Maybe, but I sure hate to tell you what that silhouette looks like.

Have a happy long holiday weekend, Bruce, Moderator, and all others who live here in the US, as we honor those who gave their lives to protect our freedoms so that the Government could take them away.

tommy May 28, 2011 5:21 PM

Hi searaborAgire,

All you will find here is a bunch of geeks and nerds. Somehow, though, I have a hunch that you may be able to hook up with the Moderator.

Clive Robinson May 29, 2011 5:50 AM

OFF Topic,

@ Bruce,

This might be of interest.

Four researchers from University of North Carolina at Chapel Hill (Andrew White, Austin Matthews, Kevin Snow, and Fabian Monrose) presented a paper at the IEEE Symposium on Security and Privacy in Oakland, California this week.

Titled “Hookt on fon-iks” it shows the development of their work of “Phonotactic Reconstruction of Encrypted VoIP Conversations”

Put simply, the CELP speech compression algorithm originally developed by the NSA and used in by far the majority of Voice to Data systems such as mobile phones and Skype will in some modes and usages leak sufficient information to allow recovery of the spoken words without having to “crack the encryption”.

This current paper ( http://cs.unc.edu/%7Efabian/papers/vizsec10.pdf ) builds on earlier work ( http://www.cs.unc.edu/%7Efabian/papers/oakland08.pdf ).

It arrives just in time to upset a few people because one target for their work is Skype, which does suffer from this problem. Not that this is the first time Skype has been hit, the previous paper caused Privacy International to request Skype to make changes (which it appears either they have not or not in the right way).

The problem is “efficiency” opening up a “side channel”, whereby the secrets leak out without the encryption really doing much to stop it.

The “efficiency” in question is “variable bit rate encoding” which allows information on the phonemes to escape to be used in reconstruction of words and sentences, thus conversations.

The difference between the earlier paper and the current one?

Well, many incorrectly dismissed it as being a “theoretical” not a “practical” attack. The second paper shows that it is now practical and is at the point of being an “engineering” problem prior to tools appearing on the Internet to do it.

As Bruce has often noted “attacks only get better”, and as I’ve often noted “it’s Efficiency -v- Security” if you don’t know what you are doing, and it’s not just Skype in the frame on this one…
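The length side channel described in the comment above, as an added sketch that is not part of the original comment or of the cited papers: it shows that a length-preserving cipher leaves variable-bit-rate frame sizes visible on the wire, and that padding frames to a constant size removes the signal. The sound classes, frame sizes and function names are constructed assumptions, and the XOR keystream stands in for any length-preserving cipher.

```python
import math
import os
from collections import Counter

# Constructed payload sizes (bytes) for a hypothetical VBR codec, one per
# sound class. Not taken from any real codec or from the papers.
FRAME_BYTES = {"silence": 10, "fricative": 20, "nasal": 28, "vowel": 38}
SAMPLE_CLASSES = ["silence", "vowel", "nasal", "fricative"] * 2  # constructed

def encode_vbr(classes):
    """One frame per sound class; random bytes stand in for codec output."""
    return [os.urandom(FRAME_BYTES[c]) for c in classes]

def encrypt_length_preserving(frame):
    """Stand-in for a stream cipher: ciphertext has the plaintext's length."""
    keystream = os.urandom(len(frame))
    return bytes(a ^ b for a, b in zip(frame, keystream))

def pad_to_constant(frame, size):
    """Mitigation: one length byte, the frame, then zero fill up to `size`."""
    if len(frame) + 1 > size:
        raise ValueError("frame does not fit in the padded size")
    return bytes([len(frame)]) + frame + bytes(size - 1 - len(frame))

def observed_lengths(frames, pad_size=None):
    """Packet sizes an on-path observer sees, with or without padding."""
    if pad_size is not None:
        frames = [pad_to_constant(f, pad_size) for f in frames]
    return [len(encrypt_length_preserving(f)) for f in frames]

def length_entropy_bits(lengths):
    """Shannon entropy of the size distribution; 0 means sizes carry no signal."""
    n = len(lengths)
    return -sum(c / n * math.log2(c / n) for c in Counter(lengths).values())

def classes_recoverable(classes, lengths):
    """True if every observed size maps back to exactly one sound class."""
    seen = {}
    for cls, size in zip(classes, lengths):
        seen.setdefault(size, set()).add(cls)
    return all(len(s) == 1 for s in seen.values())

if __name__ == "__main__":
    frames = encode_vbr(SAMPLE_CLASSES)
    for label, pad in (("unpadded", None), ("padded to 40", 40)):
        sizes = observed_lengths(frames, pad)
        print(label, sizes, length_entropy_bits(sizes),
              classes_recoverable(SAMPLE_CLASSES, sizes))
```

The trade-off is the one the comment names: constant-size frames give back the bandwidth saving that variable bit rate encoding was chosen for.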
