Oh, I’m definitely picking nits. I agree and said as much in my last comment. But the way the article presented it made it feel like there is a clear and present danger from Chinese and Russian threat actors against the protocol.
Right, those shouldn’t be conflated (the protocols vs the phone/persons security properties).I think anyone actively targeted by a major govt power is probably fucked though. Pegasus has taught us that, so while signal is probably a pretty secure protocol, phones definitely have a lot of vulnerabilities.
OK, my time to pick nits: There is a clear and present threat. China, Russia and certainly the US as well have teams of cryptographers looking at software such as Signal and analysing every update and change made in order to spot potential openings. The threat towards Signal however is comparatively small because there are tens if not hundreds of times as many people checking the code as well and reporting back to Signal because of its Open-source nature.
That’s exactly my point. I work in security, specifically versus threat actors. I don’t typically deal with State actors, but on occasion I do. Those are the real problem.
You’re writing the concerns, suggestions, and warnings I would give.
As far as I’m aware the encryption can’t really be broken given the current amount of compute. Is anyone aware of what potential vulnerabilities there could be to the Signal protocol outside of brute forcing? How hard is it to crack a private public key exchange?
One of the biggest issues is they can be recorded and potentially decrypted in the future once quantum computing attacks become feasible. At the moment, the cryptography in Signal (or similar) has no known vulnerabilities that would make it vulnerable to practical attacks given reasonable assumptions about the technology that exists in the world at the moment.
Oh, I’m definitely picking nits. I agree and said as much in my last comment. But the way the article presented it made it feel like there is a clear and present danger from Chinese and Russian threat actors against the protocol.
Right, those shouldn’t be conflated (the protocols vs the phone/persons security properties).I think anyone actively targeted by a major govt power is probably fucked though. Pegasus has taught us that, so while signal is probably a pretty secure protocol, phones definitely have a lot of vulnerabilities.
Indeed. So are digital hygiene practices.
OK, my time to pick nits: There is a clear and present threat. China, Russia and certainly the US as well have teams of cryptographers looking at software such as Signal and analysing every update and change made in order to spot potential openings. The threat towards Signal however is comparatively small because there are tens if not hundreds of times as many people checking the code as well and reporting back to Signal because of its Open-source nature.
That’s exactly my point. I work in security, specifically versus threat actors. I don’t typically deal with State actors, but on occasion I do. Those are the real problem.
You’re writing the concerns, suggestions, and warnings I would give.
As far as I’m aware the encryption can’t really be broken given the current amount of compute. Is anyone aware of what potential vulnerabilities there could be to the Signal protocol outside of brute forcing? How hard is it to crack a private public key exchange?
One of the biggest issues is they can be recorded and potentially decrypted in the future once quantum computing attacks become feasible. At the moment, the cryptography in Signal (or similar) has no known vulnerabilities that would make it vulnerable to practical attacks given reasonable assumptions about the technology that exists in the world at the moment.