Originally posted by PlausibleDeniability
Hey Bedlam, much respect to you sir for all the incredibly interesting info you've contributed to this board over the years but sometimes you might
as well be speaking tongues. This is one of those times. Can you explain all that in English please? It sounds very very interesting but all the
schmucks like me can only understant half of it.
Hmm. Where to start.
The OP's article describes a system where your local ISP has a program running on one of its servers. When you make a Skype, vonage etc VOIP call,
instead of going to the end user directly as Skype does, you'll actually be routed through the ISP. The ISP's server will receive your call, and
place an outgoing call to your recipient. Thus, the ISP's server will have access to the decrypted call data. This general type of interception is
called a "man in the middle" attack, for obvious reasons, only in this case instead of being a one-off thing is going to be enshrined in law.
Currently in the US, the group of regulations called CALEA covers intercepting and diverting calls to law enforcement for regular call traffic. Skype
has so far eluded them since it doesn't go through a switched network like the phone system. However, they're apparently about to require that VOIP
traffic be brought under CALEA, or whatever the other country of your choice calls it. I know the UK has a version of it as well. This program would
give them the ability to do this.
Another poster stated that AES encryption, which uses prime number factoring, was likely unbreakable. At a time in the past, the NSA was very freaked
out over the use of phones on the public telephone system that were scrambled using various forms of prime number encryption. To the point that laws
were being passed that required any encrypted phone traffic to use a system called Clipper, which was a key-escrow system. Basically, you could have a
scrambled phone if and only if you used the NSA's encryption method, and only if you had given them the decryption key ahead of time. They promised
not to peek without a court order, but hey, it's the NSA.
At any rate, shortly after Clipper came out, someone found a big hole in the algorithm and hacked it. It was a big hairy deal for a month or so, then
suddenly the NSA said 'we don't care anymore la la la', and Clipper died a gruesome and immediate death.
At a meeting at Redstone that was for something else entirely, this came up, not long after Clipper was a dead issue. The NSA wonk that was doing the
death-by-powerpoint for the meeting said "key escrow systems are no longer necessary as encryption of this type is no longer an issue for us", and
I'm pretty sure that's close to an exact quote although it's been years. That hit the trade rags, and no one paid attention. I don't know another
way to interpret that comment, though, than that AES et al are breakable in real time.