Skype's encryption procedure partly exposed
Developer Sean O'Neill, famous in cryptographic circles for designing the EnRUPT hash algorithm, has released an open source Skype library that emulates the modified version of the RC4 encryption algorithm used by Skype. Skype chose to modify key generation for the stream cipher to make its product incompatible with other IM clients and ensure that it remained a closed system. However, initial analysis suggests that O'Neill's publication does not mean that Skype's encryption can be considered 'cracked'. Further study will be needed to determine whether key expansion and initialisation vector generation are secure.
Because Skype has not released details of its encryption procedures, for years researchers have been trying and failing to reverse engineer the company's encryption. What is clear is that Skype uses a variety of encryption procedures. AES-256 is used to communicate with Skype's login server, SMS/event server and search servers. Supernodes and clients use the modified version of RC4 for the actual communication.
No further information is currently available – O'Neill's website, on which he announced his breakthrough, is currently offline. Even the Skype Library RC4 v1.108 download is currently offline. O'Neill has promised further details, but not until December, when he intends to present his findings at the Chaos Communication Congress in Berlin (27C3).
Until then, interested users can examine the code and use it for test purposes. Commercial usage is currently permissible only after consultation with O'Neill.
first:
The sophisticated encryption code used by Skype to protect its network has been exposed by cryptography expert Sean O'Neil.
O'Neil believes that the code is already being exploited by Skype spammers.
Skype's encryption code, based on a cipher called RC4, is used by the VoIP service provider to protect its clients and servers from being attacked by hackers and spammers, as well as to prevent third parties from creating their own IM clients using Skype's network.
In a statement, Sean O'Neil said: “Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries.”
The cryptographer has provided a link to a C library that is a clone of the "obfuscated Skype RC4 key expansion algorithm" used by Skype to secure its network.
O'Neil also says that he released the open source code for research and educational purposes only.
Read more: http://www.itproportal.com/2010/07/09/skype-encryption-cracked/#ixzz1vmVvnZzk
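On very old Skype versions (possibly 2.x), when TCP packets were decrypted with RC4, the function that generated the RC4 expanded key took only one input: a 4-byte parameter taken from the TCP packet. On the new version (4.x) this algorithm no longer works.
On the new version, generating the RC4 expanded key takes two inputs: the 4-byte parameter and a 0x30-byte parameter.
During RC4 key expansion, the 4-byte parameter is used to initialise the 0x100 (256) byte expanded key, and the 0x30-byte parameter is then used to apply a series of transformations to that initialised key, producing the final expanded key (the initial expanded key is 0x100 (256) + 2 bytes long, and its last two bytes are 0x00). Decrypting the TCP RC4 ciphertext with this key yields the RC4 plaintext, which is itself AES-256 ciphertext; the final plaintext is obtained after AES-256 decryption.
Older Skype versions encrypted TCP packets with TCP RC4, whereas TCP packet encryption in newer versions has changed and appears to be DH-384 based TCP RC4.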
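Introduction to the RC4 algorithm
RC4 is a family of stream ciphers with variable key length, designed in 1987 by Ron Rivest (one of the three famous names behind the asymmetric algorithm RSA). It is called a family because the S-box at its core can be of any length, although it is normally 256 bytes. The algorithm can run about 10 times as fast as DES and has a very high degree of non-linearity. RC4 was originally protected as a trade secret, but in September 1994 its algorithm was posted on the Internet, and it ceased to be one. RC4 is also called ARC4 (Alleged RC4), because RSA never officially published the algorithm.
Note: RC4 is a symmetric-key encryption algorithm, whereas RSA is an asymmetric one. Because RC4 encrypts with XOR, the ciphertext may be broken once the keystream (the subkey sequence) repeats. So does the keystream generated by RC4 repeat? Because some weak keys exist, the keystream can repeat completely within fewer than 1 million bytes, and a partial repetition may occur within fewer than 100,000 bytes. It is therefore recommended that, when RC4 is used, the encryption key must be tested to determine whether it is a weak key. According to current analysis results, no analysis is effective against RC4 with a key length of 128 bits, and RC4 is therefore one of the most secure encryption algorithms at present.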
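Put simply, calling the same method twice turns the data encrypted by the first call back into the original data; the length of the original data and the secret key are what matter here.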
#include <cstdlib>
#include <cstring>
#include <iomanip>
#include <iostream>
using namespace std;

// Decryption routine: regenerates the keystream from the key that is entered.
// The length is passed in because ciphertext bytes may be 0x00, which strlen() would stop at.
void decrypt(const char cipher[], size_t len);

int main()
{
    cout<<"**************************RC4加解密程式**************************"<<endl;
    cout<<"****************************歡迎使用*****************************"<<endl;
    char choose1,choose2;
    do{
        int s[256],t[256];
        char k[256]=""; // key entered by the user
        char plaintext[1024]="",ciphertext[1024];
        cout<<"輸入密鑰:";
        cin>>setw(sizeof(k))>>k; // setw keeps the read inside the buffer
        size_t klen=strlen(k);
        if(klen==0) return 1; // no key was read (end of input)
        for(int i=0;i<256;i++) // fill the byte state vector and the repeated-key array
        {
            s[i]=i;
            t[i]=(unsigned char)k[i%klen];
        }
        int j=0;
        for(int i=0;i<256;i++) // use the repeated-key array to initialise the state vector s
        {
            int temp;
            j=(j+s[i]+t[i])%256;
            temp=s[i];
            s[i]=s[j];
            s[j]=temp;
        }
        cout<<"\n輸入要加密的字元串:"<<endl;
        cin>>setw(sizeof(plaintext))>>plaintext;
        size_t len=strlen(plaintext);
        int m,n,q;
        m=n=0;
        cout<<"\n得到密文:"<<endl;
        for(size_t i=0;i<len;i++) // derive the keystream from the state vector and encrypt each plaintext byte
        {
            int temp;
            m=(m+1)%256;
            n=(n+s[m])%256; // standard RC4 adds s[m] here, not s[n]
            temp=s[m];
            s[m]=s[n];
            s[n]=temp;
            q=(s[m]+s[n])%256;
            ciphertext[i]=(char)(plaintext[i]^s[q]); // s[q] is the keystream byte
            cout<<ciphertext[i];
        }
        ciphertext[len]='\0';
        cout<<endl;

        // Decryption
        cout<<"\n是否對上面的密文進行解密?(y/n)";
        cin>>choose2;
        if(choose2=='y'||choose2=='Y')
        {
            decrypt(ciphertext,len); // decryption routine
        }
        cout<<endl;
        cout<<"\n是否希望繼續使用程式?(y/n)";
        cin>>choose1;
    }while(choose1=='y'||choose1=='Y');
    cout<<"\n****************************程式結束*****************************"<<endl<<endl;
    system("pause");
    return 0;
}

// Decryption function: the keystream is generated exactly as for encryption
void decrypt(const char cipher[], size_t len)
{
    int s[256],t[256];
    char k[256]=""; // key entered by the user
    char plaintext[1024];
    cout<<"\n輸入密鑰:";
    cin>>setw(sizeof(k))>>k;
    size_t klen=strlen(k);
    if(klen==0) return; // no key was read
    for(int i=0;i<256;i++) // fill the byte state vector and the repeated-key array
    {
        s[i]=i;
        t[i]=(unsigned char)k[i%klen];
    }
    int j=0;
    for(int i=0;i<256;i++) // use the repeated-key array to initialise the state vector s
    {
        int temp;
        j=(j+s[i]+t[i])%256;
        temp=s[i];
        s[i]=s[j];
        s[j]=temp;
    }
    int m,n,q;
    m=n=0;
    cout<<"\n解密後所得到明文是:"<<endl;
    for(size_t i=0;i<len&&i<sizeof(plaintext);i++) // derive the keystream from the state vector and decrypt each ciphertext byte
    {
        int temp;
        m=(m+1)%256;
        n=(n+s[m])%256; // standard RC4 adds s[m] here, not s[n]
        temp=s[m];
        s[m]=s[n];
        s[n]=temp;
        q=(s[m]+s[n])%256;
        plaintext[i]=(char)(cipher[i]^s[q]);
        cout<<plaintext[i];
    }
    cout<<endl;
}
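
The note above says that RC4 encrypts with XOR, that applying the same routine twice restores the data, and that a repeated keystream can expose the ciphertext. The block below is an added example, not code from the original page or from O'Neill's library: a byte-oriented standard RC4 (not Skype's modified key expansion) that shows the round trip and why one key must never encrypt two messages. The helper names and the sample messages are constructed for illustration.

```cpp
// Added example: standard RC4 only; helper names and sample inputs are constructed.
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Standard RC4 over raw bytes with explicit lengths, so 0x00 bytes are handled.
Bytes rc4(const Bytes& key, const Bytes& data) {
    if (key.empty()) throw std::invalid_argument("empty key");
    uint8_t s[256];
    for (int i = 0; i < 256; i++) s[i] = (uint8_t)i;
    for (int i = 0, j = 0; i < 256; i++) {            // key scheduling (KSA)
        j = (j + s[i] + key[i % key.size()]) & 0xFF;
        std::swap(s[i], s[j]);
    }
    Bytes out(data.size());
    int m = 0, n = 0;
    for (size_t i = 0; i < data.size(); i++) {         // keystream (PRGA) XOR data
        m = (m + 1) & 0xFF;
        n = (n + s[m]) & 0xFF;
        std::swap(s[m], s[n]);
        out[i] = (uint8_t)(data[i] ^ s[(s[m] + s[n]) & 0xFF]);
    }
    return out;
}

Bytes bytes(const std::string& t) { return Bytes(t.begin(), t.end()); }
std::string text(const Bytes& b) { return std::string(b.begin(), b.end()); }
std::string hex(const Bytes& b) {
    std::string h; char buf[3];
    for (uint8_t v : b) { std::snprintf(buf, sizeof buf, "%02X", (unsigned)v); h += buf; }
    return h;
}
// Same key => same keystream, so c1 ^ c2 == p1 ^ p2: one known plaintext exposes the other.
Bytes recover_second(const Bytes& c1, const Bytes& c2, const Bytes& known_p1) {
    Bytes p2(c2.size());
    for (size_t i = 0; i < c2.size() && i < c1.size() && i < known_p1.size(); i++)
        p2[i] = (uint8_t)(c1[i] ^ c2[i] ^ known_p1[i]);
    return p2;
}

int main() {
    Bytes key = bytes("Key"), p1 = bytes("status: idle"), p2 = bytes("status: busy");
    Bytes c1 = rc4(key, p1), c2 = rc4(key, p2);        // same key used twice
    std::printf("vector   : %s\n", hex(rc4(key, bytes("Plaintext"))).c_str());
    std::printf("roundtrip: %s\n", text(rc4(key, c1)).c_str());
    std::printf("reuse    : %s\n", text(recover_second(c1, c2, p1)).c_str());
}
```

The first printed line can be compared with the widely published RC4 test vector for key "Key" and plaintext "Plaintext" to confirm that the implementation is standard RC4.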