Skype security and encryption review now available
Ever since Skype was launched, we have said it is, and will remain, secure. Your Skype-to-Skype calls, chats and other communications are end-to-end encryped.
What sometimes happens is that after claiming this, we get asked “you say you’re secure… so prove it”. That’s a valid question — anyone can claim anything about their own product. We have recognized that you want more assurance than we say ourselves. So we did a comprehensive external security review of Skype, focusing on its encryption methods.
We’re happy to report that the work is now complete and you can [download the full report](http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf) from [Skype security center](http://www.skype.com/security) ([PGP signature](http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf.sig)). There’s also an [executive summary](http://blogs.skype.com/images/stories/images/blog/products/2005-031 security evaluation execsum.pdf) available. Note that while the full report was compiled by [Dr. Tom Berson](http://www.anagram.com/berson/index.html) from [Anagram Laboratories](http://www.anagram.com/), the summary is written in-house by Skype based on the full report.
In short, the conclusion of the report is that Skype uses standards-based methods and a sound design to secure its users, software and system, and does what it says — is secure. Of course, security is never “done”, so security continues to be an important track in all Skype developments and operations.
]]>Who are Tom Berson and Anagram anyway? In [their own words](http://www.anagram.com/):
> Anagram Laboratories is an information security consultancy based in Palo Alto, CA. Anagram was founded in 1986, back before information security was cool. Dr. Thomas A. Berson, Anagram’s owner, has more than 35 years experience in cryptology and computer security.
Tom is a long-time veteran information security expert widely respected by his peers in the security industry. This is a standard method of doing this type of research — you don’t just want to get anyone “off the street” to do it for you because the name is unknown in the industry and the quality cannot be trusted. Our selection process for finding the right person and company to do the Skype security review started more than a year ago, and we’re happy to have ended up working with Dr Berson.
As Skype and its software and services evolve, so does the need for security and similar reviews. This won’t remain the last one, but we’re happy to get our security review process off the ground with this report.