Oddbean new post about login | logout The goal is to add more features later. FS does not protect against quantum computers, which will decrypt all previous signal conversations. FS does not protect against metadata leakage, which is present in both nostr and signal.
awesome, excited to see what else is in store. but presumably if quantum is a risk for FS in your dms, it’s also a risk for your bank web traffic and the bitcoin network, right? quantum decryption is an existential risk to most/all widely deployed encryption schemes isn’t it?
Correct! Threat of "Harvest now, decrypt later" is real.
What metadata is leaked by Signal, please?
It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most important - Signal relies on phone numbers.
How do you "may be bedlam broken" SGX, @paulmillr? This is an extremely crucial claim for us, Signal users. Please help us understand.
Please check out this writing https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
Thank you very much. Gonna check it. 🫂
Read it thoroughly. Interesting and technically detailed. But ultimately it's a "may be" hypothesis. It's good to be cautious, even paranoid, but I didn't agree with the wholesale implication of the Signal app. Thank you very much for the link. 🫂