German Authorities Cannot Crack Skype Encryption. Should You Use The Same for Your Endpoint Security?.

As I was scanning the news in some Spanish sites, I came across an article at where German police profess having problems with the encryption used by Skype, the Internet-based telephone company now owned by eBay.


Based on the November 22nd article, the German police have been unable to decipher the encrypted calls.  The German authorities have been trying to tap the calls of those suspected of terrorism and other potential crimes, but have found the encryption impossible to break, and are looking for ways to intercept the calls prior to being encrypted or after it has been decrypted, on the receiving end.  An official was quoted as expressly stating that they are not asking for companies to divulge their encryption keys or asking for companies to establish a backdoor.


The Spanish article is kind of surprising, not in that the encryption used by Skype is unbreakable, but that the German authorities are claiming that they can’t break it.  Because about a year ago, one would have been under the assumption that they can break it: In a New York Times article on May 21 of last year, a vice president at Verisign had divulged that the Germans “had the technology for intercepting and decrypting Skype phone calls.”  Of course, this doesn’t mean that they were successfully decrypting the calls.  Or maybe somebody was engaged in misinformation, but still….  Makes one wonder why German authorities are going around making such announcements.  Generally, those dealing with intelligence issues don’t want outsiders—much less the world—to know what they do and don’t know, what they can and cannot do.  I didn’t think much of it at the time, since I’m not a Skype user (and still am not).


However, my curiosity roused by the article, I checked on the way back machine to see if Skype has changed their encryption method in the past year, and it doesn’t look like it.  A comparison between their FAQ from January 2006 and today shows that Skype still employs AES-256, the same used by the US government to protect its own data.  In fact, the language on both FAQs is exactly the same.  I wonder if the Verisign executive was misquoted:  If the Germans had been able to break this particular encryption technology, you can bet that the US Government wouldn’t be using it either, and all hell would’ve broken loose in the security community.  As far as I know, AES-256 is currently the encryption standard.


Now that two governments are indirectly, if you will, recommending this particular encryption standard (what coud be a better recommendation that actually using it, right?), one might wonder, “is this available for the average layperson or commercial business?”  The answer is an emphatic yes.  Services such as AlertBoot are engaged in making sure the contents of laptops and files are untouchable from prying eyes by using AES-256—or other encryption standards if you desire—to secure data on laptops, desktops, smart phones, external hard disks, USB drives, etc.  Furthermore, the beauty is that your IT department doesn’t have to get involved if someone forgets their password, since there are internet and phone-based recovery procedures, lowering the costs of maintaining a secure environment.  Deployment of such services is quick and painless, as well.  You can check out details by going to

Comments (0)

Let us know what you think