Am I tripping or if you upgrade Signal Desktop, it saves all your messages in plain text (messages.json) + attachments locally so you can re-import them in the newer version? #fail #wtf
Yeah, you are right. Windows should also store credentials in json plain text on the disk to make @gentilkiwi job easier for mimikatz. And users should just use Bitlocker as a security boundary against mimikatz.
Why are you conflating credentials and data? You know full well we store passwords *hashed* (not encrypted) for good reasons. That provides a useful security bound since the plaintext password only has to be in memory when it is typed and checked.
It may not be Signal's job, but if it wants to not be an app just for security experts, you should not expect users to know that. It should protect at least against the attacks it can. Not every time access to disk = full control
So you expect users to know which apps implement their own protections, and all developers to do so safely and effectively? Instead of just turning on FDE? If you're a user concerned with device theft, you should know about FDE. And if you don't, we have a user education problem.