[Cryptography] "Zoom's end-to-end encryption isn't
John-Mark Gurney
jmg at funkthat.com
Thu Apr 9 20:52:32 EDT 2020
Bill Frantz wrote this message on Tue, Apr 07, 2020 at 22:50 -0400:
> On 4/7/20 at 10:20 AM, leichter at lrw.com (Jerry Leichter) wrote:
>
> >4. They apparently do use AES in ECB mode. In practical
> >terms, when you are encrypting a compressed video stream ...
> >how much does this really matter?
>
> I think this might allow an attacker to find out what parts of
> the image and what parts are not. My understanding of compressed
> video is that the entire image is sent fairly frequently to
> allow newcomers to start displaying the image, and to recover
> from dropped packets. It sounds like it would be straightforward
> to pull out the entire image packets based on timing
> and/or size and then see where the differences are in the cypher text.
>
> It may not be easy, but it seems possible enough to cause me to worry.

Have you looked at how JPEG/MPEG compression works? How webcams have
noise in them and how that interplays with compression?

I welcome your paper describing how you managed to do this in the
coming weeks.

Simple thing to do is to run an entropy analysis on a Zoom stream...
Take all the 128-bit blocks, and check to see if any repeat... If
you notice a repetition, then investigate that. I have a feeling
you'll see a lot repetition than you think you will.

--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
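
The block-repetition check suggested in the message above, as an added example that is not part of the original post. The inputs are constructed rather than captured traffic, `ecb_stand_in` is a hypothetical keyed per-block mapping used in place of AES-ECB, and zlib stands in for a video codec.

```python
import hashlib
import hmac
import random
import zlib
from collections import Counter

BLOCK = 16  # 128-bit blocks, as suggested in the message

def ecb_stand_in(key: bytes, plaintext: bytes) -> bytes:
    """Keyed per-block mapping used in place of AES-ECB (assumption: not a real
    cipher). Equal input blocks give equal output blocks, which is the only
    ECB property the repetition check depends on."""
    plaintext += bytes(-len(plaintext) % BLOCK)  # zero-pad the last block
    return b"".join(
        hmac.new(key, plaintext[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(plaintext), BLOCK))

def repetition_stats(ciphertext: bytes) -> tuple:
    """Return (total blocks, distinct values seen more than once, redundant copies)."""
    usable = len(ciphertext) - len(ciphertext) % BLOCK  # drop a partial tail
    counts = Counter(ciphertext[i:i + BLOCK] for i in range(0, usable, BLOCK))
    repeated = [n for n in counts.values() if n > 1]
    return usable // BLOCK, len(repeated), sum(n - 1 for n in repeated)

# Constructed inputs (not captured traffic).
KEY = b"constructed-demo-key"
FLAT_FRAME = bytes([128]) * 4096               # uniform grey frame, no noise
_rng = random.Random(0)                        # fixed seed so the run repeats
NOISY_FRAME = bytes(128 + _rng.randrange(4) for _ in range(4096))
COMPRESSED_NOISY = zlib.compress(NOISY_FRAME)  # stand-in for a video codec

if __name__ == "__main__":
    for name, data in [("flat, uncompressed", FLAT_FRAME),
                       ("noisy, compressed", COMPRESSED_NOISY)]:
        total, distinct, redundant = repetition_stats(ecb_stand_in(KEY, data))
        print(f"{name}: {total} blocks, {distinct} repeated values, "
              f"{redundant} redundant copies")
```

To run the same count over a real capture, pass the extracted encrypted payload bytes to `repetition_stats` directly.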