RE: Support for ECB from Anthony Nadalin on 2012-09-13 (public-webcrypto@w3.org from September 2012)

From: Anthony Nadalin <tonynad@microsoft.com>
Date: Thu, 13 Sep 2012 21:29:21 +0000
To: Emily Stark <estark@MIT.EDU>, Zooko Wilcox-OHearn <zooko@leastauthority.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7662A8ED1@BL2PRD0310MB362.namprd03.prod.outlook.>

There are many uses here in Microsoft products and services using ECB for key wrapping

From: Emily Stark [mailto:estark@MIT.EDU]
Sent: Thursday, September 13, 2012 2:24 PM
To: Zooko Wilcox-OHearn
Cc: public-webcrypto@w3.org
Subject: Re: Support for ECB

What about Vijay's BitLocker example, where ECB is used to derive IVs that get passed into CBC? (Or did you mean other examples besides Bitlocker?)

On Thu, Sep 13, 2012 at 4:56 PM, Zooko Wilcox-OHearn <zooko@leastauthority.com<mailto:zooko@leastauthority.com>> wrote:
On Thu, Sep 13, 2012 at 11:27 AM, Anthony Nadalin <tonynad@microsoft.com<mailto:tonynad@microsoft.com>> wrote:
> There are existing usages of ECB, why would we force a change here?
I am aware of many existing (or at least recent-past) uses of ECB that
were insecure. I'm not aware of any other uses of ECB -- ones that are
still current and that are not dangerously insecure. Does someone have
some examples of where ECB mode is used today?

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep -- Least Authority Enterprises

https://leastauthority.com

Received on Thursday, 13 September 2012 21:30:56 UTC