Conversation

1/3 Thankyou

I entirely agree. "My major issue with SVR is that it’s something I basically don’t want, and don’t trust." Yep. And thanks for telling me I can at least generate a high-entropy password instead of a PIN - that is not at all obvious from the UI.

Quote Tweet

Matthew Green

@matthew_d_green

Jul 12, 2020

I wrote a post about why Signal’s “Secure Value Recovery” backup system (and decision to force users to choose PIN codes) has made me so concerned. blog.cryptographyengineering.com/2020/07/10/a-f

Show this thread

Vanessa Teague

@VTeagueAus

Jul 13, 2020

2/3 If you can get through this blog post without running away screaming when it mentions replicated SGX state (

@Yuvalyarom

) there's a very interesting point at the end:

Vanessa Teague

@VTeagueAus

Jul 13, 2020

3/3 "Signal has added a “disable PINs” feature into its latest beta. Encrypted data still goes to Signal servers, but it’s now encrypted in a way that nobody can access." Really? I'm going to need more detail about that, or I'm going to need a new messaging app.

Daniel Micay

@DanielMicay

Replying to

@VTeagueAus

It generates a high entropy key on your behalf instead of deriving it from a passphrase. The issue is asking users for a PIN to secure this data. Encouraging them to use a weak PIN makes it worse, but even if it did tell users to choose a secure passphrase we know they won't.

5:33 PM · Jul 13, 2020Twitter Web App

Replying to

and

SGX is used as a way to throttle an attempt to decrypt it, but it depends on the security of SGX and SGX attestation which is based on a root of trust. They're using that to justify this design and encouraging a weak PIN. At the moment, they just backup contacts, settings, etc.

Replying to

and

In the past they've made a big deal out of the fact they don't store a user's contacts, groups, etc. signal.org/bigbrother/eas The server does handle metadata but it didn't store it. Before they added the toggle for this, you could just generate a random high entropy passphrase.

Show replies