[Cryptography] NSA security guidelines for videoconferencing
gnu at toad.com
Mon May 4 06:06:39 EDT 2020
Whitfield Diffie <whitfield.diffie at gmail.com> wrote:
BW> Unless the algorithm is rot0 or the user is a savant, some software
BW> is being trusted. And I doubt that even a savant could handle video
BW> encryption at frame rate.
> This is a different sort of objection and surprises me. It is a
> factual question; does somebody have the facts?
There's a pretty good reverse-engineering of the Zoom Web client here,
by some people who specialize in doing streaming-video-over-internet
(webrtc) in browsers:
The same site has other articles analyzing various other video
conferencing methods. Here's one:
"Does your video call have End-to-End Encryption? Probably not..."
Here is a quick demo from three weeks ago of how they used a new
true end-to-end encryption for the free software Jitsi web application.
(Spoiler: they superencrypt the actual video stream, since the raw
stream is getting sent over TLS, and TLS is negotiating keys with an
endpoint at a media relay service, not at the other user. They are
still working out all the details of key agreement -- anybody want to
More information about the cryptography