113 sats \ 1 reply \ @Zk2u 9 Jul \ parent \ on: Signal under fire for storing encryption keys in plaintext privacy
Agree with OP. I would delete or at the least disconnect desktop linked devices. It certainly is a vulnerability, but mitigating effectively is very difficult on some platforms. Storing a key on disk is mostly fine if the OS enforces that only your app can access it. Android and iOS are built on this sandboxing, desktops (mostly) aren’t. macOS has keychain access which if signal used would make this a lot more secure. Other desktops aren’t so lucky - fixes on Linux and windows (windows I know for sure, unless you use something like windows hello) aren’t really fixes. The OS needs to limit access at a lower ring to user space, like macOS does with keychain access, to mitigate this issue.
To clarify, the biggest issue isn’t putting it on disk (it has to be stored somewhere) because you should be using full disk encryption in whatever the platform offers for it, such as FileVault on macOS. The main issue is other apps running at the same user level as signal being able to access it, again because desktop OSs don’t really sandbox things. On the server (Linux) we generally do this using service accounts, but no one is using separate service accounts for most software installed on a Linux desktop.
I think people forget this is also how your SSH keys are stored too lol.
The main issue is other apps running at the same user level as signal being able to access it, again because desktop OSs don’t really sandbox things. On the server (Linux) we generally do this using service accounts, but no one is using separate service accounts for most software installed on a Linux desktop.
Yes, very good point
reply