Surely No-one Uses ECB Mode in AES?

Before I start, I must say that Zoom is my standard VC package and I love its performance and ease of setup.

In cryptography, one of the first lessons is to explain why you should never use the ECB mode in AES. It’s then a standard exam question on why you should use salt (and an Initialisation Vector — IV) to protect the data. And so, it was a bit of a shock to read that Zoom has been using ECB for its video conferencing, and it makes you wonder if many companies really understand encryption. I appreciate there may be reasons they have made that decision, but from a security point of view it is terrible!

Blocks

Encryption normally works by taking a number of text blocks and then applying a key to these to produce cipher blocks. Typical block sizes are 64 or 128 bits (8 bytes or 16 bytes). Unfortunately, the cipher blocks could end up being the same for the same input text. Thus an intruder could try to guess the cipher text. This is known as Electronic Code Book (ECB). For example, if we use 3DES to encrypt the word “fred”, with a key of “bert12345”, we will always get:

HgvGuzedMg8=

If you want to try this go to: here.

You will find that every time you encrypt, you will get the same value. Thus the intruder could start to guess what your mapping of the plain…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.