Re: Encrypted traffic dropped?

Subject: Re: Encrypted traffic dropped?
Date: Sun, 21 May 2006 13:32:17 +0300 (IDT)
On Thu, 18 May 2006 barcajax@gmail.com wrote:

> I have recently installed SimpLite-MSN software
> (http://www.secway.fr/us/products/simplite_msn/) to encrypt my IM
> messages.

First of all, it is not very smart to use non-open-source software
for real security.

There is an infinite number of ways in which RSA and AES can be used to
create an insecure protocol.  Apparently, there is no specification of the
protocol they use...

> For this software to work, it requires both the sender and
> recipient to both have this software installed and running during
> the IM session. SimpLite behaves as a proxy so MSN Messenger talks
> to SimpLite locally and SimpLite will exchange traffic with the MSN
> network.

It is not clear: do they use the messenger protocol with encryption
of the messages, or do they use their own protocol and convert messages
to the messenger protocol locally?

> Seems that his ISP is able to recognise that the packets that are
> being exchanged are encrypted and dropped accordingly because he is
> able to resume using MSN Messenger only after turning off SimpLite.
> Is my hypothesis correct? If yes, would anyone hazard a guess how
> the ISP is doing so?

Since it is quite unlikely that the ISP checks whether messages are plain
text or cipher text, I guess that they use their own protocol, and
this protocol or (more likely) the ports it uses are blocked.

It is possible to distinguish plain text from cipher text using
entropy estimates: cipher text looks like a stream of random numbers
and is not compressible, but plain text is easily compressible. The ISP
can just calculate the compression ratio of a message and act
accordingly. (Of course, this strategy can be easily neutralized by
using steganographic techniques.)

-- 
Regards,
ASK
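
The compression-ratio check described in the message above, as an added example that is not part of the original post: it computes byte entropy and the zlib compression ratio for constructed samples, and also covers two cases where the test misleads (already-compressed data, and messages too short to judge). The function names, the `min_len` and `cutoff` values, and all sample data are assumptions made for illustration.

```python
import math
import os
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy of the byte distribution, in bits per byte (0 to 8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size; about 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0

def looks_encrypted(data: bytes, min_len: int = 256, cutoff: float = 0.9):
    """True/False by compression ratio, or None if too short to judge.

    min_len and cutoff are illustrative assumptions, not tuned values.
    """
    if len(data) < min_len:
        return None  # zlib framing overhead dominates very short payloads
    return compression_ratio(data) >= cutoff

def make_samples() -> dict:
    """Constructed inputs: chat-like text, random bytes, compressed text, short text."""
    words = "hi are you there yes the meeting is at five see you later ok bye".split()
    rng = random.Random(2006)  # fixed seed so the text sample is reproducible
    text = " ".join(rng.choice(words) for _ in range(4000)).encode()
    return {
        "plain text": text,
        "random (stands in for cipher text)": os.urandom(len(text)),
        "zlib-compressed plain text": zlib.compress(text),
        "short message": b"ok, see you at 5",
    }

if __name__ == "__main__":
    for name, data in make_samples().items():
        print(f"{name:36} len={len(data):6} H={shannon_entropy(data):.2f} "
              f"ratio={compression_ratio(data):.2f} verdict={looks_encrypted(data)}")
```

Compressed plain text is flagged the same way as the random sample, so a ratio test alone cannot tell encryption from ordinary compression, and a single short IM message gives no usable signal.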
