| ▲ | thmsths 3 hours ago |
| The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space. |
|
| ▲ | lmm an hour ago | parent | next [-] |
| Certainly very hard to defend against that when the messenger you're using won't let you use a device you control. |
|
| ▲ | Hamuko 2 hours ago | parent | prev | next [-] |
| Surprising that end-to-end encryption doesn't really matter when you get into one of the ends. |
| |
| ▲ | ASalazarMX 2 hours ago | parent | next [-] | | Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used. | |
| ▲ | akimbostrawman 2 hours ago | parent | prev [-] | | not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too. | | |
| ▲ | moralestapia 2 hours ago | parent [-] | | [flagged] | | |
| ▲ | coldtea an hour ago | parent [-] | | The parent said "it's surprising". It's not surprising. | | |
| ▲ | Talanes an hour ago | parent [-] | | You're correct in the literal sense that they did say those words, but the entire comment clearly demonstrated a lack of surprise that reveals the opening words to be intended ironically. |
|
|
|
|
|
| ▲ | moralestapia 2 hours ago | parent | prev [-] |
| >The message can't be intercepted in transit Lol, so like ... all encryption schemes since the 70s? |
| |
| ▲ | sowbug 2 hours ago | parent [-] | | They do have stronger schemes, which are called hash functions. | | |
| ▲ | moralestapia 2 hours ago | parent [-] | | What? Hashing is not encrypting. You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/ | | |
| ▲ | coldtea an hour ago | parent | next [-] | | It's a joke, because hashing loses information, and thus the original is not retrievable, woosh | |
| ▲ | p-o 2 hours ago | parent | prev | next [-] | | Hashing is a part of encryption, maybe you are the one who needs to shore up on the topic? | | |
| ▲ | AlotOfReading an hour ago | parent | next [-] | | A good hash function is surjective. Encryption is bijective. They're very different things. | |
| ▲ | aipatselarom 2 hours ago | parent | prev [-] | | Nice try. However, hashing and encryption are two different operations. Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Ctrl-F "hash". No mention of it. Before being pedantic at least check out the url in that comment to get the basics going. | | |
| ▲ | sowbug an hour ago | parent [-] | | This entire thread should be annihilated, but since you mentioned being pedantic... You're correct that a pure encryption algorithm doesn't use hashing. But real-world encryption systems will include an HMAC to detect whether messages were altered in transit. HMACs do use hash functions. |
|
| |
| ▲ | sowbug 2 hours ago | parent | prev [-] | | > What? > Hashing is not encrypting. > You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/ Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. The only way to do that is to make decryption impossible by anyone, including the intended recipient. A labyrinthine way to do that would be to substitute the symmetric-encryption algorithm with a hash algorithm, which of course destroys the plaintext, but does accomplish the goal of obfuscating it in transit, at rest, and forever. |
|
|
|
