[Cryptography] "Zoom's end-to-end encryption isn't
peter at tsto.co.uk
Fri Apr 3 09:21:41 EDT 2020
On 03/04/2020 04:07, Henry Baker wrote:
> So I was thinking, how secure/private could a multiple-party
> Zoom conference possibly be?
> So let's do end2end encryption on every video/audio feed.
> So let's assume that the server only sees encrypted audio & video
> The server still knows who each of the participants is: it knows
> their IP addresses & verified email addresses.
> Are there any better ways to hold a group conference?
To begin: You don't use, or need, a central server.
Sixth law : Only those you trust can betray you.
The first 10 laws of secure information systems design - there are more
laws, plus some principles, but they are still a work in progress:
0 It's all about who is in control
1 Someone else is after your stuff
2 Stuff you don't have can't be stolen from you
3 Attack methods are many, varied, ever-changing and eternal
4 Everywhere is subject to attack
5 Complex systems provide more places to attack
6 Only those you trust can betray you
7 Holes for good guys are holes for bad guys too
8 A system which is hard to use will be abused or unused
9 Security is a Boolean
More information about the cryptography