Re: Support for ECB from Emily Stark on 2012-09-13 (public-webcrypto@w3.org from September 2012)

From: Emily Stark <estark@MIT.EDU>
Date: Thu, 13 Sep 2012 17:24:13 -0400
To: Zooko Wilcox-OHearn <zooko@leastauthority.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CANaV9Uy9YBYcjh3vvKDntyZBqpwybKd3-SShFeAAgpUWSWEtGw@mail.gmail.com>

What about Vijay's BitLocker example, where ECB is used to derive IVs that
get passed into CBC? (Or did you mean other examples besides Bitlocker?)

On Thu, Sep 13, 2012 at 4:56 PM, Zooko Wilcox-OHearn <
zooko@leastauthority.com> wrote:

> On Thu, Sep 13, 2012 at 11:27 AM, Anthony Nadalin <tonynad@microsoft.com>
> wrote:
> > There are existing usages of ECB, why would we force a change here?
>
> I am aware of many existing (or at least recent-past) uses of ECB that
> were insecure. I'm not aware of any other uses of ECB -- ones that are
> still current and that are not dangerously insecure. Does someone have
> some examples of where ECB mode is used today?
>
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> Founder, CEO, and Customer Support Rep -- Least Authority Enterprises
>
> https://leastauthority.com
>
>

Received on Thursday, 13 September 2012 21:24:43 UTC