Note that I was asking specifically about deterministic modes. Those include SIV mode [1] but not the more common CBC, CTR, etc.
Any deterministic encryption relies on entropy of the plaintext for security [2]. This is not unique to ECB.
My objection was to the hyperbolic phrase "trivially broken." SIV mode is deterministic, but nobody who understands what it does would call it "trivially broken."
And I'm definitely not saying that anyone should use ECB. Just that in this case, the vulnerability may not live up to the hype.
By all means, go ahead bashing on Zoom. It's the cool thing to do these days, and clearly they've done enough to deserve most of it.
I'm personally more upset that they're advertising 256bit AES yet using 128bit AES. Sure, 128bit is still fine to use today, but it's still false advertising. They're already falsely claiming end-to-end encryption. It doesn't help that they're using the weakest mode of AES on top of all of this.
If Zoom had a security audit, the auditors would quickly suggest using either some sort of ECB-based algorithm that uses an SIV, or just AES-CTR. I'm guessing they went with ECB due to its parallelization of the encryption/decryption process, which totally makes sense, except that there are much more secure algorithms out there.
Any deterministic encryption relies on entropy of the plaintext for security [2]. This is not unique to ECB.
My objection was to the hyperbolic phrase "trivially broken." SIV mode is deterministic, but nobody who understands what it does would call it "trivially broken."
And I'm definitely not saying that anyone should use ECB. Just that in this case, the vulnerability may not live up to the hype.
By all means, go ahead bashing on Zoom. It's the cool thing to do these days, and clearly they've done enough to deserve most of it.
[1] https://web.cs.ucdavis.edu/~rogaway/papers/siv.pdf
[2] https://eprint.iacr.org/2006/186