Zoom Finally Takes Encryption Seriously: And Goes All GCM

Still not end-to-end, but a big improvement!


Zoom’s encryption has, to say the least, been novice. They used 128-bit AES keys with ECB (Electronic Code Book). Any cybersecurity student should know that ECB is shockingly insecure (and is almost laughable in its implementation). But after great pressure from many in the community, Zoom is now moving to a high-quality replacement: 256-bit AES with GCM (Galois/Counter Mode).

So why GCM? Well, it’s perfect for video conferencing, as it operates as a stream cipher rather than a block cipher. Here is my implementation of the different modes:

Notice that the stream methods (OFB and GCM) do not need padding, as all we need to do to encrypt is XOR the data stream with the keystream. The processing thus becomes a keystream generation process and, once the keystream is generated, a simple operation of XOR-ing the bits of the data stream and the keystream.
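The two points above (ECB leaking structure, and GCM needing no padding) can be checked with Go's standard library. This is an added example, not the author's implementation; the function names `ecbEncrypt`, `gcmSeal` and `repeats`, and the keys, nonce and frame data, are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ecbEncrypt encrypts every 16-byte block independently (ECB, no IV).
// pt must be a whole number of blocks, so the caller has to pad.
func ecbEncrypt(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(pt))
	for i := 0; i+aes.BlockSize <= len(pt); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return out
}

// gcmSeal encrypts with AES-GCM. The result is len(pt) bytes of ciphertext
// (plaintext XOR keystream, no padding) followed by a 16-byte tag.
func gcmSeal(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(nil, nonce, pt, nil)
}

// repeats reports whether the first two 16-byte blocks of ct are identical.
func repeats(ct []byte) bool { return bytes.Equal(ct[:16], ct[16:32]) }

func main() {
	// Constructed demo values; a real nonce must never repeat under one key.
	k128, k256 := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32)
	nonce := make([]byte, 12)
	frame := append(bytes.Repeat([]byte("ZOOM-VIDEO-FRAME"), 2), "tail"...)
	fmt.Println("ECB repeats block:", repeats(ecbEncrypt(k128, frame[:32])))
	ct := gcmSeal(k256, nonce, frame)
	fmt.Println("GCM repeats block:", repeats(ct), "padding bytes:", len(ct)-16-len(frame))
}
```

The 36-byte frame is sealed by GCM as it is, while ECB can only take its first 32 bytes until the rest is padded to a full block.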

All of the AES modes use a salt (or IV) value, apart from ECB. With CBC we have feedback fed into…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
