![]() ![]() ![]() Just deleted my account," tweeted one user. Not all Keybase users are happy with the move, pointing to Zoom's repeated stumbles managing the video conferencing service's security. Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us.” There are no specific plans for the Keybase app yet. In a blog post today, Keybase said: “Initially, our single top priority is helping to make Zoom even more secure. However, the fate of Keybase’s existing products is a bit murky. “Once we have assessed this feedback for integration into a final design, we will announce our engineering milestones and goals for deploying to Zoom users,” the company said. Zoom plans on publishing more details about the end-to-end encryption implementation on May 22, with the goal of getting feedback from the security community and customers. “We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises,” the company added. But the system should be applicable to most users, who are connecting via PC and mobile devices. Since 2017, Keybase has been offering its own end-to-end encrypted chat system, which works on PCs and smartphones.Īs for Zoom, the company’s proposed end-to-end encryption does have a few limitations: It won’t work for meeting sessions that let people connect via a phone call, or when Zoom’s cloud video recording is switched on. So Zoom is enlisting Keybase, which has experience managing encryption keys over the internet. “The cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting.”īuilding this system isn’t easy. “This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,” the company said in today’s announcement. To fix this, Zoom is creating an end-to-end system that will generate the encryption keys to video sessions from the meeting host’s computer - not from a company server. Although Zoom says it's never mishandled the keys, by holding on to them, the company theoretically has the power to decrypt your video sessions, or transfer the keys to someone else, like a government authority. However, the main flaw with Zoom’s system is how the encryption keys are generated and stored on the company’s servers. The video conferencing service does encrypt your video sessions-scrambling the content as it's sent over an internet network and decrypting it to make the video data clear once it arrives on your computer. The purchase, announced on Thursday, occurs weeks after Zoom admitted it actually wasn’t offering full encryption as previously advertised. To offer end-to-end encryption, Zoom is acquiring Keybase, a provider of secure messaging and file-sharing. Keybase staff will help build an end-to-end encryption system for Zoom’s video conferencing service, which will be available to paid users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |