Zoom uses the SILK codec, Constant Bit Rate (after some bandwidth negotiation); as others have pointed out, audio and video noise both fight ECB's weaknesses. It’s actually more secure on the wire than many conferencing systems I’ve looked at. https://twitter.com/colmmacc/status/1246160773379796994 …
-
I see your point but it still smells like "security by accident". Compression might change tomorrow for whatever reason. But could you provide more detail about AES-CBC vs AES-GCM for HTTP? I am genuinely interested. Thanks.
-
Does that mean ECB was actually the best choice here? Re: checklists, it doesn't get much better if non-crypto folks are left with "do-not-write-crypto" mantra but also with "beware-generic-choices-cryptographers-made-for-you"
-
NO. ECB is never the best choice. Even if it’s leaking very little of value, it’s still leaking _something_.
-
The problem with ECB is that it shows zero basic understanding. The other horror stories of security showing up strengthen this. Let’s hope they take it seriously and improve. But saying “ECB isn’t that bad” is really missing the point.
