[Cryptography] "Zoom's end-to-end encryption isn't

John-Mark Gurney jmg at funkthat.com
Thu Apr 9 20:52:32 EDT 2020


Bill Frantz wrote this message on Tue, Apr 07, 2020 at 22:50 -0400:
> On 4/7/20 at 10:20 AM, leichter at lrw.com (Jerry Leichter) wrote:
> 
> >4.  They apparently do use AES in ECB mode.  In practical 
> >terms, when you are encrypting a compressed video stream ... 
> >how much does this really matter?
> 
> I think this might allow an attacker to find out what parts of 
> the image and what parts are not. My understanding of compressed 
> video is that the entire image is sent fairly frequently to 
> allow newcomers to start displaying the image, and to recover 
> from dropped packets. It sounds like it would be 
> straightforward to pull out the entire image packets based on timing 
> and/or size and then see where the differences are in the cypher text.
> 
> It may not be easy, but it seems possible enough to cause me to worry.

Have you looked at how JPEG/MPEG compression works?  How webcams have
noise in them and how that interplays with compression?

I welcome your paper describing how you managed to do this in the
coming weeks.

Simple thing to do is to run an entropy analysis on a Zoom stream...
Take all the 128-bit blocks, and check to see if any repeat...  If
you notice a repetition, then investigate that.  I have a feeling
you'll see a lot repetition than you think you will.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
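
The check suggested above (take the 128-bit blocks of a stream and see whether any repeat), as an added example that is not part of the original post. It assumes the encrypted payload bytes have already been extracted from a capture; the 12-byte header, the SHA-256 filler standing in for ciphertext, and SAMPLE are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

BLOCK = 16  # 128-bit blocks, as in the post


def repeated_blocks(payload, skip=0):
    """Return {block: [offsets]} for every 16-byte block seen more than once.

    `skip` bytes are ignored first; a trailing partial block is dropped.
    """
    seen = defaultdict(list)
    for off in range(skip, len(payload) - BLOCK + 1, BLOCK):
        seen[payload[off:off + BLOCK]].append(off)
    return {blk: offs for blk, offs in seen.items() if len(offs) > 1}


def scan_alignments(payload):
    """Try all 16 alignments: a header of unknown length may precede the
    ciphertext, and a misaligned window hides repeats. Returns (skip, repeats)
    for the alignment with the most repeated positions (lowest skip on ties)."""
    best_skip, best = 0, {}
    for skip in range(BLOCK):
        rep = repeated_blocks(payload, skip)
        if sum(map(len, rep.values())) > sum(map(len, best.values())):
            best_skip, best = skip, rep
    return best_skip, best


def filler(label, nblocks):
    """Constructed stand-in for ciphertext: SHA-256 output, no repeated blocks."""
    digests = (hashlib.sha256(f"{label}:{i}".encode()).digest()
               for i in range((nblocks + 1) // 2))
    return b"".join(digests)[:nblocks * BLOCK]


# Constructed sample (not real traffic): 12-byte hypothetical header, then
# 22 blocks in which one block value occurs three times, never adjacently.
B = filler("repeat", 1)
SAMPLE = (bytes(range(12)) + filler("a", 5) + B + filler("b", 7) + B
          + filler("c", 3) + B + filler("d", 4))

if __name__ == "__main__":
    skip, rep = scan_alignments(SAMPLE)
    print("alignment:", skip)
    for blk, offs in rep.items():
        print(blk.hex(), "at byte offsets", offs)
    print("no-repeat stream:", scan_alignments(filler("rand", 2048)))
```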

