Zoom uses the SILK codec, Constant Bit Rate (after some bandwidth negotiation); as others have pointed out audio and video noise both fight ECBs weaknesses. It’s actually more secure on the wire than many conferencing systems I’ve looked at.https://twitter.com/colmmacc/status/1246160773379796994 …
-
-
There are very good reasons why ECB is considered "avoid", but context-free checklists don't really tell you a lot; and non-crypto context (like compression here, or timing elsewhere) are often much more important.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Can I bother you for an explanation here? It isn’t obvious to me why GCM would be worse than CBC for HTTP traffic. A quick Google search wasn’t illuminating.
-
GCM is length preserving. CBC rounds up to the nearest block. With GCM a tapper sees the exact length the requests and responses, which together is enough to fingerprint content. With CBC it's doable but much harder and reveals a smaller percentage of content.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.