• henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      With what? Where would you store the encryption key for the encryption key on a desktop system where it would not be accessible to an attacker?

      Perhaps there could be a pin or password that must be entered every time to decrypt it into memory.

      • boredsquirrel@slrpnk.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Something you know, something you have, something you are.

        3FA:

        • Pin
        • Security Key/TPM/Secure element
        • fingerprint / iris scan

        You could also start with just one of these

        • ArcaneSlime@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          fingerprint / iris scan

          Nope, I’m out. I’m not giving my unchangeable biological data to the Computer Gods because A) Fuck that and B) the police in my country can compel the use of biometrics to unlock things but cannot compel you to give up your pass as it is protected by the first amendment. Yes I think the bios should be protected too but that isn’t the reality in which I live.

  • JoeyJoeJoeJr@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    If your computer is compromised to the point someone can read the key, read words 2-5 again.

    This is FUD. Even if Signal encrypted the local data, at the point someone can run a process on your system, there’s nothing to stop the attacker from adding a modified version of the Signal app, updating your path, shortcuts, etc to point to the malicious version, and waiting for you to supply the pin/password. They can siphon the data off then.

    Anyone with actual need for concern should probably only be using their phone anyway, because it cuts your attack surface by half (more than half if you have multiple computers), and you can expect to be in possession/control of your phone at all times, vs a computer that is often left unattended.

    • Evotech@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      No your don’t understand, you’re supposed to encrypt the keys.

      Then you encrypt that key

      And then that key

      Until it’s all encrypted /s