[Cryptography] "Zoom's end-to-end encryption isn't

Bill Frantz frantz at pwpconsult.com
Tue Apr 7 22:50:28 EDT 2020

On 4/7/20 at 10:20 AM, leichter at lrw.com (Jerry Leichter) wrote:

>4.  They apparently do use AES in ECB mode.  In practical 
>terms, when you are encrypting a compressed video stream ... 
>how much does this really matter?

I think this might allow an attacker to find out what parts of 
the image and what parts are not. My understanding of compressed 
video is that the entire image is sent fairly frequently to 
allow newcomers to start displaying the image, and to recover 
from dropped packets. It sounds like it would be straight 
forward to pull out the entire image packets based on timing 
and/or size and then see where the differences are in the cypher text.

It may not be easy, but it seems possible enough to cause me to worry.

Cheers - Bill

Bill Frantz        |Security, like correctness, is| Periwinkle
(408)348-7900      |not an add-on feature. - Attr-| 150 
Rivermead Rd #235
www.pwpconsult.com |ibuted to Andrew Tanenbaum    | 
Peterborough, NH 03458

More information about the cryptography mailing list