New design sets a high standard for post-quantum readiness.
Great. Now we just have to get Signal off AWS and we be good.
Why Signal’s post-quantum makeover is an amazing engineering achievement
Submitted 18 hours ago by technocrit@lemmy.dbzer0.com to technology@lemmy.world
Comments
heysoundude@eviltoast.org 18 hours ago
lemmee_in@lemmy.world 18 hours ago
Signal puts a lot of effort into their threat model that assumes a hostile host (i.e. AWS). That’s the whole point of end to end encryption, even if the host is compromised the attackers do not get any information. They even go as far as padding out the lengths of encrypted messages so everyone looks like they are sending identical blocks of data
shortwavesurfer@lemmy.zip 14 hours ago
I’m assuming that they were more referring to the outage that occurred today that pulled a ton of the internet services, including signal offline temporarily.
You can have all the encryption in the world, but if the centralized data point that allows you to access the service is down, then you’re fucked.
frezik@lemmy.blahaj.zone 16 hours ago
Padding isn’t anything special. Most practical uses of block ciphers require it.
victorz@lemmy.world 17 hours ago
sending identical blocks of data
Nitpicking here but assuming from the previous words in your comment that you mean blocks of data of identical length.
Although it should be as if we are sending multiples of identical size, I suppose.
Anyway, sorry for nitpicking.
thepompe@ttrpg.network 2 hours ago
Just use Matrix…
EncryptKeeper@lemmy.world 20 minutes ago
No
alimanana@feddit.cl 18 hours ago
or federated server
null@piefed.nullspace.lol 18 hours ago
Would be very cool to be able to host a Signal homeserver.
elvis_depresley@sh.itjust.works 18 hours ago
I guess the research doesn’t have to be limited to signal. If other apps can benefit from it the more resilient “private communications over the internet” get.
victorz@lemmy.world 17 hours ago
So that’s why Signal didn’t send my messages very quickly today then, maybe.
DaGeek247@fedia.io 17 hours ago
It's not completely out yet. That was likely AWS being down.
Also, the new quantum protected message encryption headers are about 2kb. If that's causing issues with your internet, you may want to consider looking at new internet.
OrganicMustard@lemmy.world 14 hours ago
Having in mind we are not even close to breaking classical cryptography with quantum computing I doubt this was their best investment of time
jpv2390@discuss.tchncs.de 35 minutes ago
There’s hardly ever glory in prevention…
Alaknar@sopuli.xyz 2 hours ago
Once quantum computers break classical cryptography, it’s going to be too late to develop post-quantum cryptography, mate.
The best time to develop resilience is right now.
blah3166@piefed.social 13 hours ago
the best time was yesterday. the next best time is today. securing systems after they’re broken, when data could actively be collected prior to the breakthrough, is not the way to approach security.
djmikeale@feddit.dk 7 hours ago
Their core feature is secure messaging, so I’d say this result highlights their dedication to the secure aspect of it. So an excellent feature in terms of branding, and probably has more benefits in other places e.g. attracting talent, as developers now can see Signal offers great opportunities to work on complex problems.
So I’m curious; what do you think would be better investment of their time?
OrganicMustard@lemmy.world 4 hours ago
Like allowing a federated system instead of a central one, not depending in external libraries and services, and so on. I bet there are many things that would actually improve the security instead of this that is more of a marketing point.
Jason2357@lemmy.ca 12 hours ago
There are nation states just straight up intercepting and storing signal data on their networks in hopes that it can be decrypted in the future. 20 year old messages will still be useful.
SkyeStarfall@lemmy.blahaj.zone 7 hours ago
Also known as Harvest now, decrypt later. And it’s a serious security threats that Signal must consider and handle
ExLisper@lemmy.curiana.net 12 hours ago
It’s future-proofing. It means my messages are not only safe today but, even if they are intercepted or leaked somehow, will also be safe in the future.
OrganicMustard@lemmy.world 4 hours ago
Lol, it shows the hype quantum computing has sold and how detached the public thought is about it from reality.
I’m friends with two quantum computing researchers and they are pretty sure quantum computing will never be a practical application because of how the noise and errors scale with the system size.
webghost0101@sopuli.xyz 13 hours ago
I doubt that the first ones to break it will be eager to communicate their findings to the public.
This tech is far to valuable for military/spionage goals. For all we know it already exists.
thepompe@ttrpg.network 2 hours ago
Why do we keep caring about signal when there’s Matrix?
jpv2390@discuss.tchncs.de 2 hours ago
Because my grandpa can work with signal which is still encrypted communication. Thus its a low threshhold to adoption and significant increase in cyber hygiene. Even for his type of audience.
Alaknar@sopuli.xyz 2 hours ago
Because Matrix barely works half the time and has some significant security/privacy flaws still. One of which is: if there’s a bug that makes it possible for someone to snoop your metadata and the fix requires a server update… You’re SOL if the people you’re talking to don’t get the update.