For anyone unfamiliar with it, Proctorio is a browser extension used to eliminate cheating through intense surveillance techniques.
Its kind of abstract to think about , but the only thing you need to know about Zero Knowledge in Cryptography is that the output is a boolean .
Okay, so theyve built their own key distribution system and are encrypting with AES-GCM and shipped this in a Chrome extension.
If you download version 1.4.20241.1.0 of the Proctorio Chrome Extension, run src/assets/J5HG.js through a JS beautifier, and then look at its contents, you will quickly realize this is a JavaScript cryptography library.
Proctorios AES-GCM implementation exists in an object called dhs.mode.gcm, which is mildly obfuscated, but contains the following functions:
If youre not familiar with AES-GCM, just know this: Timing leaks can be used to leak your GMAC key to outside applications, which completely breaks the authentication of AES-GCM and opens the door to chosen-ciphertext attacks.
Since f gets bitwise right-shifted 128 times, this actually leaks the bit of every value of f in each block multiplication, since the execution of depends on whether or not g is set to true.
Schools that demand students install spyware on their personal computers are only a step removed from domestic abusers who install stalkerware on their victims phones.
Zoom school is really showing how much of American Education is just about controlling and punishing children and not actually, you know, teaching and educating them
Original article