Quote:As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.
Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture.
“Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” Zoom CEO Eric Yuan explained in a Thursday blog post. “An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees.”
Critically, the encryption key for the calls will not be kept on Zoom’s servers, as they are today. In Zoom’s existing approach, content is encrypted using industry-standard AES-GCM with 256-bit keys, and decrypted at the other end of the session call, Yuan explained. The encryption keys for each meeting are generated by Zoom’s servers.
With Keybase implemented, those keys will be under the control of the host.
“The host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting,” Yuan said. “We are also investigating mechanisms that would allow enterprise users to provide additional levels of authentication.”
Read more: https://threatpost.com/zoom-acquires-key...on/155557/
![[-]](https://www.geeks.fyi/images/collapse.png)
