Comment by SAI_Peregrinus 17 hours ago

The static symmetric key is fundamentally different from an ephemeral asymmetric key. We've no indication that symmetric encryption is vulnerable to "store now, decrypt later" attacks when used with a sufficiently long key, which Signal has. Non-post-quantum asymmetric cryptography is vulnerable to "store now, decrypt later" attacks, which is why forward secrecy is needed.

The backups feature doesn't open up any new vulnerability that didn't inherently exist in sending messages to someone else you might not fully trust. One person in a group chat can also take pictures of their phone's screen & upload your messages to the public.
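As an added illustration of the contrast drawn above (example code, not from this thread or from Signal): a toy Diffie-Hellman exchange whose recorded transcript becomes decryptable once the adversary later gains a discrete-log solver (brute force here, standing in for a quantum computer), beside a static pre-shared symmetric key whose transcript exposes no public values for such a solver to work on. The group parameters, the HMAC-based stream cipher and the sample message are all constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed toy DH group: small enough that brute-force discrete log can stand in
# for a future quantum adversary. Real systems use 2048-bit groups or X25519.
P = 65537   # Fermat prime
G = 3       # primitive root mod 65537, so every 1 <= x < P-1 has a unique dlog

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 counter keystream XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def dh_transcript(plaintext: bytes, a: int, b: int) -> dict:
    """Ephemeral DH then encryption; returns only what a passive observer records."""
    A, B = pow(G, a, P), pow(G, b, P)
    key = hashlib.sha256(pow(B, a, P).to_bytes(4, "big")).digest()
    return {"A": A, "B": B, "ct": stream_xor(key, plaintext)}   # a and b stay private

def psk_transcript(plaintext: bytes, psk: bytes) -> dict:
    """Static symmetric key agreed out of band; the observer records ciphertext only."""
    return {"ct": stream_xor(psk, plaintext)}

def solve_dlog(A: int) -> int:
    """Brute-force discrete log of A base G: the stand-in for Shor's algorithm."""
    acc = 1
    for x in range(1, P):
        acc = (acc * G) % P
        if acc == A:
            return x
    raise ValueError("not in the group")

def store_now_decrypt_later(transcript: dict):
    """Adversary that stored the transcript and later obtained a discrete-log oracle."""
    if "A" not in transcript:
        # Nothing asymmetric on the wire: the oracle has no input; only a 256-bit key guess remains.
        return None
    a = solve_dlog(transcript["A"])
    key = hashlib.sha256(pow(transcript["B"], a, P).to_bytes(4, "big")).digest()
    return stream_xor(key, transcript["ct"])

if __name__ == "__main__":
    msg = b"meet at noon"   # constructed sample message
    a, b = (int.from_bytes(os.urandom(2), "big") % (P - 2) + 1 for _ in range(2))
    print(store_now_decrypt_later(dh_transcript(msg, a, b)))             # b'meet at noon'
    print(store_now_decrypt_later(psk_transcript(msg, os.urandom(32))))  # None
```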

tptacek 17 hours ago

I think they're making a point that is broader than PQ and a more general complaint about Signal's direction.

cma 16 hours ago

Images can be modified, won't these essentially be signed as verifiably coming from the sender, or is cryptographic proof of that thrown away in what they store?