Zoom uses the SILK codec, Constant Bit Rate (after some bandwidth negotiation); as others have pointed out audio and video noise both fight ECB's weaknesses. It’s actually more secure on the wire than many conferencing systems I’ve looked at. https://twitter.com/colmmacc/status/1246160773379796994 …
It really bugs me that the consensus approach to "how secure is this network encryption?" isn't to first analyze it from the perspective of a tapping adversary. This approach also makes it plain that AES-GCM is weaker than AES-CBC for HTTP, for the most egregious example.
There are very good reasons why ECB is considered "avoid", but context-free checklists don't really tell you a lot; and non-crypto context (like compression here, or timing elsewhere) are often much more important.
Replying to @colmmacc
Agree re the hazard of checklists. Are you saying the non-crypto-grade noise in a constant-bit-rate codec is sufficient to overcome the standard ECB attacks? From a threat model point of view, that may be adequate for most (from a theoretical pov that is weak).
The way ECB works even a single-bit difference in a plaintext block is significant. Even a low-definition 720p video frame represents ~ 2**50 bits of noisy input.
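
An added illustration of the effect discussed in this thread (not part of any tweet, and not code from Zoom or the thread's authors): it measures how many ciphertext blocks repeat when a flat region is encrypted block-by-block, with and without one bit of noise per byte. Assumptions: truncated HMAC-SHA256 stands in for AES so the example needs only the standard library, and the key, input and noise model are constructed.

```python
import hashlib
import hmac
import random

BLOCK = 16  # AES block size in bytes


def ecb_like_encrypt(key: bytes, data: bytes) -> bytes:
    """Model of ECB: every 16-byte block is transformed independently and
    deterministically. Truncated HMAC-SHA256 is a stand-in for AES here
    (assumption: keeps the example stdlib-only; it cannot be decrypted)."""
    return b"".join(
        hmac.new(key, data[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(data), BLOCK)
    )


def repeated_fraction(ciphertext: bytes) -> float:
    """Fraction of ciphertext blocks that duplicate another block, which is
    what a passive observer of ECB traffic can measure."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return 1 - len(set(blocks)) / len(blocks)


def add_lsb_noise(data: bytes, rng: random.Random) -> bytes:
    """Randomise the least significant bit of every byte (constructed noise model)."""
    return bytes((b & 0xFE) | rng.getrandbits(1) for b in data)


def demo():
    """Return (repeat fraction for noiseless input, repeat fraction for noisy input)."""
    key = b"constructed-demo-key"
    flat = bytes([0x80]) * (BLOCK * 4096)          # constructed: uniform region, 4096 blocks
    noisy = add_lsb_noise(flat, random.Random(1))  # same region, 1 random bit per byte
    return (repeated_fraction(ecb_like_encrypt(key, flat)),
            repeated_fraction(ecb_like_encrypt(key, noisy)))


if __name__ == "__main__":
    clean, noisy = demo()
    print(f"repeated blocks, noiseless input: {clean:.4f}")
    print(f"repeated blocks, noisy input:     {noisy:.4f}")
```

Input that has passed through a compressor or is otherwise noiseless behaves like the first case, which is why the non-crypto context decides how much block repetition an observer sees.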