Comment on Signal under fire for storing encryption keys in plaintext

JoeyJoeJoeJr@lemmy.ml ⁨4⁩ ⁨months⁩ ago

If your computer is compromised to the point someone can read the key, read words 2-5 again.

This is FUD. Even if Signal encrypted the local data, at the point someone can run a process on your system, there’s nothing to stop the attacker from adding a modified version of the Signal app, updating your path, shortcuts, etc to point to the malicious version, and waiting for you to supply the pin/password. They can siphon the data off then.

Anyone with actual need for concern should probably only be using their phone anyway, because it cuts your attack surface by half (more than half if you have multiple computers), and you can expect to be in possession/control of your phone at all times, vs a computer that is often left unattended.

source
Sort:hotnewtop