AlexTECPlayz

@Mer__edith Yeah no, this post is a big miss and reeks of sh*t. Just because OSes already have disk encryption that can be enabled, doesn't mean Signal shouldn't also at the very least, give the option to also encrypt the files that are saved/cached/whatever.

Maybe some missed the option to encrypt their system and can't be arsed to reflash their entire OS again - like me, I didn't see any option in the Debian installer to encrypt the disk or the home folder, and forgot about it, so now I'm currently not in the mood to literally reinstall the system again to manually encrypt it.

I know very well that this is risky if someone had access to the hardware, but I would have felt better if Signal Desktop was also encrypting the files.

I stopped using Signal, mostly due to its centralised manner, and the phone number requirement, and this issue that apparently has been known for years and not getting fixed, is certainly not pushing me to use Signal again. Do better.

AlexTECPlayz

@Mer__edith I mean, look at Molly, a fork of Signal on Android that also encrypts the shared preferences XML file, while regular Signal does not.

Signal is both a security and privacy-focused instant messenger. It should encrypt even banal things such as preferences, and shared images, video, media. You're clearly not out of options, and you should provide the encryption for the attachments, because from reading the comments here, it's very much possible.

(github.com/mollyim/mollyim-and)

"How Local Encryption Works

Database

Signal uses an SQLCipher database to store contacts, chat history, and attachments, in the app-specific directory of the device. The database is encrypted with AES 256-bit keys randomly generated the first time the app is run.

The encryption key is wrapped with Android KeyStore and stored in the Shared Preferences. If the KeyStore is unavailable as in Android 5.1 (Lollipop) and previous, the key is written as-is to the Shared Preferences.

In Signal, Shared Preferences are plaintext XML files stored along with the database.

However, Molly protects the Shared Preferences with the user's passphrase, providing full encryption of data at rest regardless of the way Android may or may not be encrypting its own storage.

Shared Preferences

Molly encrypts preference values using AES-256 CBC mode. The preference name and the encrypted value are hashed together with HMAC-SHA256, and stored together with the encrypted value, providing authenticated encryption for the preferences.

The Shared Preferences encryption key is protected with the passphrase set in Molly, run through Argon2id (KDF) with a random salt. The CPU and memory cost parameters of the KDF algorithm are calibrated so that one attempt takes approximately 3 seconds. The passphrase is wiped from memory after hashing it.

To discourage brute-force passphrase attacks, starting in Android 6.0, the output of Argon2 is entangled with 256-bit MAC keys tied to the Android KeyStore."
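The Molly passage quoted above describes an encrypt-then-MAC scheme in which the preference name is bound into the HMAC. The following Go sketch, added here and not Molly's or Signal's own code, shows that construction with the standard library; the iv || ciphertext || tag layout, the 32-byte keys and the preference names in the test are assumptions, and the Argon2id passphrase step is out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// PrefKeys holds the two 32-byte keys; in Molly they derive from the Argon2id-protected
// preferences key, which is out of scope here, so the test constructs them directly.
type PrefKeys struct{ Enc, Mac []byte }

// tag is HMAC-SHA256 over (name || iv || ciphertext); binding the name stops a valid blob for one
// preference from being replayed as the value of another.
func tag(k PrefKeys, name string, ct []byte) []byte {
	m := hmac.New(sha256.New, k.Mac)
	m.Write([]byte(name))
	m.Write(ct)
	return m.Sum(nil)
}

// SealPref returns iv || AES-256-CBC ciphertext || tag (a hypothetical layout, not Molly's exact one).
func SealPref(k PrefKeys, name string, value []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil { return nil, err }
	pad := aes.BlockSize - len(value)%aes.BlockSize // PKCS#7: always add 1..16 bytes
	padded := append([]byte(nil), value...)
	for i := 0; i < pad; i++ { padded = append(padded, byte(pad)) }
	blob := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(blob[:aes.BlockSize]); err != nil { return nil, err } // fresh IV per write
	cipher.NewCBCEncrypter(block, blob[:aes.BlockSize]).CryptBlocks(blob[aes.BlockSize:], padded)
	return append(blob, tag(k, name, blob)...), nil
}

// OpenPref verifies the tag in constant time before decrypting anything (encrypt-then-MAC), so a
// tampered, truncated or renamed blob is rejected without ever reaching the padding check.
func OpenPref(k PrefKeys, name string, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 { return nil, errors.New("malformed blob") }
	if !hmac.Equal(blob[n:], tag(k, name, blob[:n])) { return nil, errors.New("authentication failed") }
	block, err := aes.NewCipher(k.Enc)
	if err != nil { return nil, err }
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:n])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize { return nil, errors.New("bad padding") }
	return pt[:len(pt)-pad], nil
}
```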
Meta

@alextecplayz
Note that you can in fact encrypt your home without reinstalling - see e.g. techblog.dev/posts/2022/03/enc

But I do suggest that you think about how you voice criticism. It doesn't sound very grateful, especially considering what Signal is doing for humanity.
@Mer__edith

AlexTECPlayz

@metacolon I know I can encrypt my /home even after installing the system, but that would be slow and data could be at risk of being corrupted or erased if it goes wrong, it's just not something I want to do now, I'll do it someday, and I'll go all in. The performance impact isn't that big nowadays, even on hard drives, even with FDE.

As for voicing my criticism - I'm not trying to sound grateful OR ungrateful.

What Signal is doing is nice, they are definitely helping out people in countries where censorship is front and center.

But at the same time, you WOULD expect a project that is literally focused on a secure and private instant messenger, to not ignore a glaring issue that was known since 2016 (or 2018), because it is a big issue nonetheless.

Meredith's statement was thoroughly disappointing, though, considering it's a blatant lie when they say the issue can't be fixed.

AlexTECPlayz

@metacolon "The reported issues rely on an attacker already having *full access to your device* — either physically, through a malware compromise, or via a malicious application running on the same device. This is not something that Signal, or any other app, can fully protect against. Nor do we ever claim to."

But Signal can take steps against this happening, by literally encrypting the attachments, this is possible, and we know it is, because many other programs have done it already. It's a basic feature Signal refuse(d)s to implement.

"The posters who raised this issue did so without contacting us directly. Instead, they went straight to social media, in some cases using inflammatory language. And they dropped these claims over a US holiday weekend. This is the opposite of responsible disclosure."

This is in bad faith. The issue was KNOWN for years, it was only brought back to light. Mysk doesn't need to contact Signal to talk about this issue, it's not something new.

AlexTECPlayz

@metacolon Here are the GitHub issues. It goes as far back as December 2015.

github.com/signalapp/Signal-De

github.com/signalapp/Signal-De

And yet Signal closes both issues as 'Won't Fix', because apparently, people who don't have disk encryption (due to a multitude of possible reasons) can get fucked. The point of a security and privacy-focused project is to try and reclaim/secure as much as possible. What if someone is using Signal Desktop on a work computer, that CANNOT have disk encryption, for some reason? What if someone is using Signal Desktop on a public cafe computer, that doesn't have disk encryption?

Signal must account for all possibilities, and offer the option to enable data encryption at rest. I'm not trying to shit on Signal, but I'm not blind to suck them off and call everyone that criticizes Signal 'ungrateful'. I'm not specifically calling you out, just users in general, because I see a lot of people evangelizing Signal, on the same level as they evangelize Linux or Torvalds.

Meta

@alextecplayz
The issues you linked are about Signal storing stuff unencrypted. The only real new issue that came up with mysk imo is that you can clone a session. That's not in the issues and should have been a responsible disclosure.

Providing the option for a custom encryption password is something Signal *should* do. It's the same for mobile, which is why I'm using Molly. But it's not something they *must* do, as you imply. It's a valid feature request, not a bug.

The only thing Meredith said is impossible is to protect against full system access. I agree that it's a bit misleading, but it is reasonable to assume that if someone can read your files, they can also read your screen. And Signal can't protect against that.

AlexTECPlayz

@metacolon Okay, the cloning session thing might be new, I haven't looked up on that. But I'm mostly talking about the attachment encryption issue here.

Yes, it's not something that Signal must do, but they should, considering they're always up talking about how privacy and security are so important. It's not a good look for a project dedicated to this, to ignore such a feature.

Apparently they did the data encryption at-rest for Signal on Android (before it was removed? and added back? by Molly) because Android didn't have "usable" FDE at the time.

And, come on, if WhatsApp has data encryption at-rest, I think it would be almost necessary for Signal to have it too, just because WA would be superior in this specific regard otherwise.

" but it is reasonable to assume that if someone can read your files, they can also read your screen" - this would depend on the OS. Linux has Wayland to prevent this, Android allows apps to prevent screen captures (screenshots would be blacked out).
