It really bugs me that the consensus approach on to "how secure is this network encryption?" isn't to first analyze it from the perspective of a tapping adversary. This approach also makes it plain that AES-GCM is weaker than AES-CBC for HTTP, for the most egregious example.
-
-
Show this thread
-
There are very good reasons why ECB is considered "avoid", but context-free checklists don't really tell you a lot; and non-crypto context (like compression here, or timing elsewhere) are often much more important.
Show this thread
End of conversation
New conversation -
-
-
“more secure than many” doesn’t feel like the bar Zoom should be shooting for? Vs eg “secure” or “transparent about the tradeoffs it makes”, etc?
-
I'll put it this way: if someone were tapping my Internet connection, I wouldn't be so worried about them able to decrypt a Zoom call. Meanwhile there are solutions out there where it could be an undergrad project.
- 4 more replies
New conversation -
-
-
I really wish I could do a thread about the time I got drug into court over the tamper resistance of h.264 over encrypted rtp... but I’m pretty sure I can’t.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.