October 21, 2005
Ever since Skype was launched, we have said it is, and will remain, secure.
Your Skype-to-Skype calls, chats and other communications are end-to-end
What sometimes happens is that after claiming this, we get asked "you say
you're secure... so prove it". That's a valid question -- anyone can claim
anything about their own product. We have recognized that you want more
assurance than we say ourselves. So we did a comprehensive external security
review of Skype, focusing on its encryption methods.
We're happy to report that the work is now complete and you can see
the full report from
Skype security center.
There's also an
executive summary available. Note that while the full report
was compiled by Dr.
Anagram Laboratories, the summary is written
in-house by Skype based on the full report.
In short, the conclusion of the report is that Skype uses standards-based
methods and a sound design to secure its users, software and system, and
does what it says - is secure. Of course, security is never "done", so
security continues to be an important track in all Skype developments and
Who are Tom Berson and Anagram anyway?
Anagram Laboratories is an information security consultancy based in Palo
Alto, CA. Anagram was founded in 1986, back before information security was
Dr. Thomas A. Berson, Anagram's owner, has more than 35 years
experience in cryptology and computer security.
Tom is a long-time veteran information security expert widely respected by
his peers in the security industry. This is a standard method of doing this
type of research - you don't just want to get anyone "off the street" to do
it for you because the name is unknown in the industry and the quality
cannot be trusted.
Our selection process for finding the right person and
company to do the Skype security review started more than a year ago, and
we're happy to have ended up working with Dr Berson.
As Skype and its software and services evolve, so does the need for security
and similar reviews. This won't remain the last one, but we're happy to get
our security review process off the ground with this report.