Comment by ragona

Comment by ragona a day ago


Definitely, but when we're running around sprinkling PQ algorithms all over the place, it's on top of the asymmetric bits, not replacing the "boring" stuff like your symmetrically encrypted backups. Shit certainly does happen, especially where key management is involved, but I'm not sure I agree that offering an encrypted backup feature is necessarily undoing the FS/PCS story.

edit: Well, let me argue with myself for a moment. I don't think offering an encrypted backup feature undoes the PQ story. But FS/PCS is weakened, sure, since we're talking about all types of shit happening, not just currently known (or strongly theorized) attacks.

tptacek a day ago

I think the point they're making doesn't have much to do with PQ.

  • elvisloops a day ago

    Yes, if Signal has effectively removed ratcheting and forward secrecy from the logical "encryption protocol" by encrypting all messages (even disappearing messages) with a single static key that never changes for your lifetime and sending them to the cloud, then all this talk about "post-quantum ratchets" is theater. There are no ratchets.

    • tptacek a day ago

      I think it's a valid point but also that it assumes a lot about the threat model that can be disputed, so your "theater" point is not well taken.