W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: Support for ECB

From: Emily Stark <estark@MIT.EDU>
Date: Thu, 13 Sep 2012 17:24:13 -0400
Message-ID: <CANaV9Uy9YBYcjh3vvKDntyZBqpwybKd3-SShFeAAgpUWSWEtGw@mail.gmail.com>
To: Zooko Wilcox-OHearn <zooko@leastauthority.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
What about Vijay's BitLocker example, where ECB is used to derive IVs that
get passed into CBC? (Or did you mean other examples besides Bitlocker?)

On Thu, Sep 13, 2012 at 4:56 PM, Zooko Wilcox-OHearn <
zooko@leastauthority.com> wrote:

> On Thu, Sep 13, 2012 at 11:27 AM, Anthony Nadalin <tonynad@microsoft.com>
> wrote:
> > There are existing usages of ECB, why would we force a change here?
>
> I am aware of many existing (or at least recent-past) uses of ECB that
> were insecure. I'm not aware of any other uses of ECB -- ones that are
> still current and that are not dangerously insecure. Does someone have
> some examples of where ECB mode is used today?
>
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> Founder, CEO, and Customer Support Rep -- Least Authority Enterprises
>
> https://leastauthority.com
>
>
Received on Thursday, 13 September 2012 21:24:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 September 2012 21:24:44 GMT