Giving people a 64-character key also feels uncharacteristically crude for Signal. It's not realistic to hand people 64 characters and tell them to “store this securely.” Most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.

That's less of a problem when the backups are local, because access to the local backups implies access to the device, but if the backups are in the cloud with no forward secrecy, this seems like a huge security backslide for Signal.

▲

codethief 6 days ago | parent [-]

I get your point but is a large set of dictionary words or 5-digit numbers (see the current backup passphrase) so much better? At the end of the day, recording entropy will always be cumbersome and there is no way around it.

> Most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.

At least on Android apps can disable screenshots, though, which might be a simple way to deter people from doing that?

▲

dlgeek 6 days ago | parent | next [-]

I think a large set of dictionary words are likely more user friendly. I think most people will have a lot more confidence on their ability to transcribe words to/from paper more accurately than a bunch of numbers - better built in error correction, etc.

	▲	itake 6 days ago \| parent [-]
		Sanely formed numbers (like 4 digit groups with a checksum) seems like less writing to me, b/c I hate my hand writing.

▲

eviks 6 days ago | parent | prev [-]

> is a large set of dictionary words so much better?

Yes, much easier to type

	▲	cyphar 6 days ago \| parent [-]
		And much easier to copy elsewhere or memorise (not that I would recommend the latter).