google search:Sean O'Neil skype c lib
RC4新算法的下载地址:http://cryptolib.com/ciphers/skype/
zero:
Skype's encryption procedure partly exposed
Skype Logo Developer Sean O'Neill, famous in cryptographic circles for designing the EnRUPT hash algorithm, has released an open source Skype library that emulates the modified version of the RC4 encryption algorithm used by Skype. Skype chose to modify key generation for the stream cipher to make its product incompatible with other IM clients and ensure that it remained a closed system. However, initial analysis suggests that O'Neill's publication does not mean that Skype's encryption can be considered 'cracked'. Further study will be needed to determine whether key expansion and initialisation vector generation are secure.
Because Skype has not released details of its encryption procedures, for years researchers have been trying and failing to reverse engineer the company's encryption. What is clear is that Skype uses a variety of encryption procedures. AES-256 is used to communicate with Skype's login server, SMS/event server and search servers. Supernodes and clients use the modified version of RC4 for the actual communication.
No further information is currently available – O'Neill's website, on which he announced his breakthrough, is currently offline. Even the Skype Library RC4 v1.108 download is currently offline. O'Neill has promised further details, but not until December, when he intends to present his findings at the Chaos Communication Congress in Berlin (27C3).
Until then, interested users can examine the code and use it for test purposes. Commercial usage is currently permissible only after consultation with O'Neill.
first:
The sophisticated encryption code used by Skype to protect its network has been exposed by cryptography expert Sean O'Neil.
O'Neil believes that the code is already being exploited by Skype spammers.
Skype's encryption code, based on a cipher called RC4, is used by the VoIP service provider to protect its clients and servers being attacked by hackers and spammers, as well as preventing third parties from creating their own IM clients using Skype's network.
In a statement, Sean O'Neil, said: “Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries.”
The cryptographer has provided a link to a C Library which is the clone of the "obfuscated Skype RC4 key expansion algorithm" used by Skype to secure its network.
O'Neil also says that he released the open source code for research and educational purposes only.
Read more: http://www.itproportal.com/2010/07/09/skype-encryption-cracked/#ixzz1vmVvnZzk
second:
A freelance researcher who claims to have reverse engineered Skype's communication protocol provided working code for sending messages on the network, which could be abused by spammers.
Skype's encryption scheme is based on a modified version of the RC4 cipher and cracking it has long been a challenge for reverse engineers. Progress towards this goal has even been made in the past.
The new claim, made by a researcher allegedly named Efim Bushmanov, is accompanied by decompiled source code.
"My aim is to make skype open source. And find friends who can spend many hours for completely reverse it," the researcher writes on his blog.
"Now, most of hard things already done(for 1.x/3.x/4.x versions of skype). Including rc4 and arithmetic compression," he adds.
The most interesting part of his offer is working code that allows sending messages to Skype. Even though based on a slightly dated version of the protocol, if this code works as advertised, it could facilitate spam attacks against Skype users; and this has actually happened before.
In July 2010, a researcher going by the name of Sean O'Neil (possibly an alias), released a C library which he claimed is a replica of the obfuscated Skype RC4 key expansion algorithm.
The researcher decided to make the code public after parts of it were leaked months before and started being abused by spammers to launch attacks on the platform.
At the time Skype confirmed that the code can be used to spam users and considered legal action against the researcher, which they identified as one Yaroslav Charnovsky.
It's very likely that the company will take a similar stance in this case and will send cease and desist letters to everyone hosting the decompiled code, although once it's out the only way to prevent abuse is to make changes to the client and protocol.