Signal puts a lot of effort into their threat model that assumes a hostile host (i.e. AWS). That’s the whole point of end to end encryption, even if the host is compromised the attackers do not get any information. They even go as far as padding out the lengths of encrypted messages so everyone looks like they are sending identical blocks of data
I’m assuming that they were more referring to the outage that occurred today that pulled a ton of the internet services, including signal offline temporarily.
You can have all the encryption in the world, but if the centralized data point that allows you to access the service is down, then you’re fucked.
Matrix tried for quite a while to get interoperability, but signal is just too paranoid about distributed hosting or interoperability of their software/protocol. it’s quite annoying
I guess the research doesn’t have to be limited to signal. If other apps can benefit from it the more resilient “private communications over the internet” get.
It’s not completely out yet. That was likely AWS being down.
Also, the new quantum protected message encryption headers are about 2kb. If that’s causing issues with your internet, you may want to consider looking at new internet.
2kb? While it may not sound like much, that’s at least three packets worth of data (depending on MTU). If you think about it in terms of how TCP sends packets and needs ACKs, there’s actually a lot of round trip data processing going on for just that one part.
Great. Now we just have to get Signal off AWS and we be good.
Signal puts a lot of effort into their threat model that assumes a hostile host (i.e. AWS). That’s the whole point of end to end encryption, even if the host is compromised the attackers do not get any information. They even go as far as padding out the lengths of encrypted messages so everyone looks like they are sending identical blocks of data
I’m assuming that they were more referring to the outage that occurred today that pulled a ton of the internet services, including signal offline temporarily.
You can have all the encryption in the world, but if the centralized data point that allows you to access the service is down, then you’re fucked.
Nitpicking here but assuming from the previous words in your comment that you mean blocks of data of identical length.
Although it should be as if we are sending multiples of identical size, I suppose.
Anyway, sorry for nitpicking.
Padding isn’t anything special. Most practical uses of block ciphers require it.
or federated server
Would be very cool to be able to host a Signal homeserver.
they won’t do that.
Matrix tried for quite a while to get interoperability, but signal is just too paranoid about distributed hosting or interoperability of their software/protocol. it’s quite annoying
deleted by creator
Wait, simplex isn’t paid?
No, it’s totally free and open source, and you can host it on your own server if you wish.
https://signal.org/blog/the-ecosystem-is-moving/ here is Moxi’s take on that (former Signal CEO).
So I don’t think it’s happening.
I guess the research doesn’t have to be limited to signal. If other apps can benefit from it the more resilient “private communications over the internet” get.
So that’s why Signal didn’t send my messages very quickly today then, maybe.
It’s not completely out yet. That was likely AWS being down.
Also, the new quantum protected message encryption headers are about 2kb. If that’s causing issues with your internet, you may want to consider looking at new internet.
2kb? While it may not sound like much, that’s at least three packets worth of data (depending on MTU). If you think about it in terms of how TCP sends packets and needs ACKs, there’s actually a lot of round trip data processing going on for just that one part.
Sorry, yeah, that’s the only thing I was referring to.
My internet connection is 500/500 Mbps, and I can’t change it. 😄👍