The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space.
The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space.
Certainly very hard to defend against that when the messenger you're using won't let you use a device you control.
Surprising that end-to-end encryption doesn't really matter when you get into one of the ends.
Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used.
not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too.
[flagged]
The parent said "it's surprising". It's not surprising.
You're correct in the literal sense that they did say those words, but the entire comment clearly demonstrated a lack of surprise that reveals the opening words to be intended ironically.
>The message can't be intercepted in transit
Lol, so like ... all encryption schemes since the 70s?
They do have stronger schemes, which are called hash functions.
What?
Hashing is not encrypting.
You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
It's a joke, because hashing loses information, and thus the original is not retrievable, woosh
Hashing is a part of encryption, maybe you are the one who needs to shore up on the topic?
A good hash function is surjective. Encryption is bijective. They're very different things.
Nice try. However, hashing and encryption are two different operations.
Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Ctrl-F "hash". No mention of it.
Before being pedantic at least check out the url in that comment to get the basics going.
This entire thread should be annihilated, but since you mentioned being pedantic...
You're correct that a pure encryption algorithm doesn't use hashing. But real-world encryption systems will include an HMAC to detect whether messages were altered in transit. HMACs do use hash functions.
> What?
> Hashing is not encrypting.
> You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. The only way to do that is to make decryption impossible by anyone, including the intended recipient. A labyrinthine way to do that would be to substitute the symmetric-encryption algorithm with a hash algorithm, which of course destroys the plaintext, but does accomplish the goal of obfuscating it in transit, at rest, and forever.