Hi guys,
I was reading the code of js-sdk. I noticed the use of ECB mode in crypto.js . Any specific reason to choose ECB over CBS?
Reason for asking: we know that ECB can leak information about plain text since this mode of encryption preserves pattern in the input. We have already seen case of Zoom which was using ECB.
Aes ecb weaknesses come from the limited block size it has, such as if you have a big flow of data to encrypt and you decide to stream this into a Cypher without running compression you will undubitably have a higher chance of collisions. This would not be an issue if ecb blocksize could be incremented to be larger than the clear text block.
Having said that it looks to me as if the part being encrypted with ecb is both static in nature and shorter than the blocksize.
An Sha checksum for a clear text is always the same, a checksum is the same length or smaller than an ecb blocksize, and the ecb of a checksum with the same key is always the same.
i don’t see how the partitioning and example you provide from the link affects this particular section of code.