Hi All! I am looking for real-time encryption methods/protocols for streaming A / V / Text data. I plan to build an app similar to Skype and since Skype doesn't really reveal much about its security architecture, I'm looking for ingenious solutions. Any suggestions/help would be welcome.
>From whatever research I did about Skype, I found the following things: Skype has implemented majority of its encryption modules by itself and which are built to comply with standards but applied in their own ingenious ways such as the AES block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash function, and the RC4 stream cipher. It uses 256-bit encryption in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates. The key size used for signing here is 1536-2048, which is significantly greater than 1024-bit keys that are a global norm. It has also set up its own CA for authentication. On first usage, a client contacts Skype's master server which issues a certificate from its indigenous CA. Besides the above cryptographic algorithms, Skype has also implemented its own proprietary key-exchange protocol which it uses for key exchange. I guess they have borrowed most of the features of SSL and implemented it according to their needs besides "fixing" its need for a connection-oriented protocol. I guess we could also have the same functionality using IPSec in "transport" mode and creating a indigenous CA.. I DO NOT PLAN TO USE VPNs, so using "tunnel" mode is out of question... The question is, can we use IPSec to secure UDP data communication?? If yes, HOW?? (since using TCP to transport A / V data would cause huge "delays".. So SSL is also out of question...) One more option would be to use DTLS - I needed to know if NSS supports DTLS... Have already developed apps with NSS.. so life could be a lot more easier if NSS did support DTLS.. :D Another option would be to use SSH but again, I'm not sure if it can be used with UDP and also about its authentication methods. Comments would be welcome. Also, I'm looking for suitable forums/IRC channels to discuss the topic more. Could the people here suggest me some??? Regards, D3|\||\|!$ _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
