Comment on Signal downplays encryption key flaw, fixes it after X drama

<- View Parent
ooterness@lemmy.world ⁨4⁩ ⁨months⁩ ago

Sure, but there’s still no excuse for “store the password in plaintext lol”. Once you’ve got user access, files at rest are trivial to obtain.

You’re proposing what amounts to a phishing attack, which is more effort. Anything that forces the attacker to do more work and have more chances to get noticed is a step in the right direction. Don’t let perfect be the enemy of good.

source
Sort:hotnewtop