Re Gordon 10
"Are PI saying that phrases are identifiable AFTER Skype's encryption is added?
If the encryption is an integral part of the codec then this is a major fail for Skype.
If PI's tests were based on a pre-encrypted stream it seems like a non-argument."
I think what they're trying to say is that because a variable bitrate compression algorithm is used, you'll get variable bitrates of the ciphertext (ciphervoice?). You can then analyse when it was at low levels (quiet) vs high rates (speaking) and try and use the length of the words to identify phrases.
I don't believe codecs generally used by more standards-compliant SIP solutions tend to use variable bitrate, e.g. G.711 certainly doesn't, so if a good crypto wrapper (e.g. TLS with a decent cipher) is applied around this codec then the same sort of attack wouldn't be possible.
Interesting attack vector.
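The length leak discussed in the comment above, as an added example that is not part of the original post: it compares what an on-path observer sees for a variable-bitrate stream, a constant-bitrate G.711 stream, and the same variable-bitrate stream padded to a fixed size before encryption. The frame sizes, the 16-byte cipher overhead, the 8-byte margin and the function names are all assumptions made for the illustration.

```python
from itertools import groupby

TAG = 16  # assumed fixed per-packet overhead added by the cipher (e.g. an AEAD tag)

# Constructed payload sizes in bytes, one entry per 20 ms frame.
# VBR: tiny frames during silence, larger ones while speaking (values invented).
VBR_FRAMES = [6, 6, 5, 41, 48, 52, 44, 6, 5, 6, 6, 38, 55, 6, 6]
# G.711 at 64 kbit/s produces 160 bytes for every 20 ms frame, voiced or not.
CBR_FRAMES = [160] * len(VBR_FRAMES)


def wire_lengths(frames, pad_to=None):
    """Packet sizes visible on the wire: encryption hides content, not length."""
    sizes = []
    for n in frames:
        if pad_to is not None:
            if n > pad_to:
                raise ValueError("frame larger than padding size")
            n = pad_to  # mitigation: pad every frame to one size before encrypting
        sizes.append(n + TAG)
    return sizes


def activity_runs(lengths, margin=8):
    """Collapse observed sizes into (above_floor, frame_count) runs.

    More than one run means the quiet/speaking rhythm survives encryption.
    """
    floor = min(lengths)
    above = [n > floor + margin for n in lengths]
    return [(flag, len(list(group))) for flag, group in groupby(above)]


if __name__ == "__main__":
    for name, sizes in [
        ("VBR, encrypted", wire_lengths(VBR_FRAMES)),
        ("G.711 CBR, encrypted", wire_lengths(CBR_FRAMES)),
        ("VBR padded to 64, encrypted", wire_lengths(VBR_FRAMES, pad_to=64)),
    ]:
        print(f"{name:28} distinct sizes={len(set(sizes)):2} runs={activity_runs(sizes)}")
```

A stream is free of this particular leak when `activity_runs` returns a single run, which is the case for the constant-bitrate and padded variants here.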