Daniel Micay on Twitter: "@chrisrohlf @signalapp @moxie Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach." / Twitter

This Tweet was deleted by the Tweet author. Learn more

Replying to

and

Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.

2:05 PM · Jul 9, 2020Twitter Web App

Replying to

twitter.com/DanielMicay/st By the way,

@moxie

blocked me for this tweet. I think that says a lot. As I feared, the toggle is for the PIN feature as a whole. It also doesn't address that they're still going to be encouraging using a weak PIN for a remote backup/sync feature.

Quote Tweet

Daniel Micay

@DanielMicay

Jul 9, 2020

Replying to @chrisrohlf @signalapp and @moxie

Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.

1

3

Replying to

At least on Android, Signal already had an encrypted backup feature using a strong key generated by the app rather than the user. This could be made more usable via a seed phrase as others have suggested rather than providing it as numbers. Not even an option for the new feature.

1

3

Show replies

Conversation