Signal under fire for storing encryption keys in plaintext

Nemeski ( @neme@lemm.ee ) · 9 months ago

Signal under fire for storing encryption keys in plaintext

Greg Clarke ( @Greg@lemmy.ca ) · 9 months ago

This is such a non story

DebatableRaccoon ( @DebatableRaccoon@lemmy.ca ) · 9 months ago

You come to expect better but then you can only roll your eyes and face-palm when even “the best” do something this stupid.

alsimoneau ( @alsimoneau@lemmy.ca ) · 9 months ago

To be fair it’s on your own device, not the server.

psvrh ( @psvrh@lemmy.ca ) · 9 months ago

Doesn’t… doesn’t then OpenSSH client store keys in text files?

I’m trying to figure out how this is an issue, other than maybe Signal should be using an OS level keystore.

Jerkface (any/all) ( @jerkface@lemmy.ca ) · 9 months ago

They are text files but they are not “plaintext”. They are (optionally) encrypted with a user-supplied password. That is why you need ssh-agent to stay sane.