[Cryptography] "Zoom's end-to-end encryption isn't
angel at crypto.16bits.net
Fri Apr 3 21:30:51 EDT 2020
On 2020-04-03 at 00:56 +0100, Peter Fairbrother wrote:
> actually end-to-end at all. Good thing the PM isn't using it for Cabinet
> calls. Oh, for f..."
> not end-to-end despite explicit claim
> mines all your data
> sends data to facebook
> big login hole
> host can detect if watchers present
> all your base are belong to us
> Peter Fairbrother
Well, today you have an even bigger piece of Zoom news. Citizen Lab
- an undisclosed security issue with Zoom’s Waiting Room feature that
they are waiting for Zoom to fix before publishing
- that all the participants use the same encryption key, which is
provided by a server located in China¹
- which is then used to encrypt the video and audio using -hold tight-
AES in ECB mode.
¹ It is possible that it is *sometimes* generated by servers in the US.
They only found that the key securing a US-Canada conference was
provided by a Chinese server, not how often those were used.
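
Why the last point matters, as an added example (not part of the original message and not Zoom's code): ECB encrypts equal 16-byte plaintext blocks to equal ciphertext blocks, so repetition in the media stream survives encryption, while CTR under the same key hides it. The key, IV and sample frame are constructed, and the 128-bit key size is an assumption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// encryptECB encrypts each whole 16-byte block independently: no IV, no chaining.
func encryptECB(blk cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt)-len(pt)%aes.BlockSize)
	for i := 0; i < len(ct); i += aes.BlockSize {
		blk.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// encryptCTR is the contrast case: same key, plus an IV and a per-block counter.
func encryptCTR(blk cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(blk, iv).XORKeyStream(ct, pt)
	return ct
}

// repeatedBlocks counts 16-byte blocks that duplicate an earlier block.
func repeatedBlocks(data []byte) int {
	seen, n := map[string]bool{}, 0
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		b := string(data[i : i+aes.BlockSize])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

// frame is constructed input: 32 identical "background" blocks, then 2 distinct ones.
var frame = append(bytes.Repeat([]byte("BACKGROUND_PIXEL"), 32), "detail-block-000detail-block-001"...)

// demo returns the repeated-block counts of the ECB and CTR ciphertexts.
func demo() (ecb, ctr int) {
	blk, _ := aes.NewCipher([]byte("constructed-key!")) // constructed 16-byte key
	iv := make([]byte, aes.BlockSize)                   // constructed all-zero IV, demo only
	return repeatedBlocks(encryptECB(blk, frame)), repeatedBlocks(encryptCTR(blk, iv, frame))
}

func main() { fmt.Println(demo()) }
```

The same duplicate-block count works as a quick check on captured ciphertext: a high count on structured data is a strong sign of ECB.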