- cross-posted to:
- privacy@lemmy.world
- privacy@lemmy.ml
- foss@beehaw.org
- cross-posted to:
- privacy@lemmy.world
- privacy@lemmy.ml
- foss@beehaw.org
Should the encryption keys be… encrypted?
With what? Where would you store the encryption key for the encryption key on a desktop system where it would not be accessible to an attacker?
Perhaps there could be a pin or password that must be entered every time to decrypt it into memory.
Something you know, something you have, something you are.
3FA:
- Pin
- Security Key/TPM/Secure element
- fingerprint / iris scan
You could also start with just one of these
fingerprint / iris scan
Nope, I’m out. I’m not giving my unchangeable biological data to the Computer Gods because A) Fuck that and B) the police in my country can compel the use of biometrics to unlock things but cannot compel you to give up your pass as it is protected by the first amendment. Yes I think the bios should be protected too but that isn’t the reality in which I live.
If your computer is compromised to the point someone can read the key, read words 2-5 again.
This is FUD. Even if Signal encrypted the local data, at the point someone can run a process on your system, there’s nothing to stop the attacker from adding a modified version of the Signal app, updating your path, shortcuts, etc to point to the malicious version, and waiting for you to supply the pin/password. They can siphon the data off then.
Anyone with actual need for concern should probably only be using their phone anyway, because it cuts your attack surface by half (more than half if you have multiple computers), and you can expect to be in possession/control of your phone at all times, vs a computer that is often left unattended.
“if you’ve lost physical security, you’ve lost all security.”
on desktop devices
Kinda should have been in the headline
It is a super important detail, but it’s still unforgivable for an app that expects privacy to be part of its brand identity.
This is a big difference between privacy and security.
Agreed
But you can’t have privacy without security, and any privacy brand must have security in their bones.
But… That’s how encryption keys are stored.
No your don’t understand, you’re supposed to encrypt the keys.
Then you encrypt that key
And then that key
Until it’s all encrypted /s