“This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,” the company said in today’s announcement. To fix this, Zoom is creating an end-to-end system that will generate the encryption keys to video sessions from the meeting host’s computer - not from a company server. Although Zoom says it's never mishandled the keys, by holding on to them, the company theoretically has the power to decrypt your video sessions, or transfer the keys to someone else, like a government authority. However, the main flaw with Zoom’s system is how the encryption keys are generated and stored on the company’s servers. The video conferencing service does encrypt your video sessions-scrambling the content as it's sent over an internet network and decrypting it to make the video data clear once it arrives on your computer. The purchase, announced (Opens in a new window) on Thursday, occurs weeks after Zoom admitted it actually wasn’t offering full encryption as previously advertised. To offer end-to-end encryption, Zoom is acquiring Keybase, a provider of secure messaging and file-sharing. Keybase staff will help build an end-to-end encryption system for Zoom’s video conferencing service, which will be available to paid users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |