
Does Wire employ encryption of data at rest?

I generally consider Signal and Wire to be the best tools today for sending information privately between two parties. Both meet the marks on crypto, open-source, 3rd party audits, PFS via the double-ratchet algorithm, etc.

Personally, I prefer Wire because it doesn't require a phone number and you can install it on Linux, Windows, MacOS, Android, or iPhone. So you can put it on TAILS or Whonix or a burner phone or some sandboxed VM.

But today I was searching through Wire's website, and I was surprised that I didn't see any information on their "security" page about encryption-at-rest.

In most cases, I'd have FDE anyway -- but in the off-chance that the person I'm communicating with doesn't have FDE, I want to make sure that my messages wouldn't be stored in plaintext on their HDD when they retire their device.

Does Wire store all of its data-at-rest encrypted?

  • Only Signal does, [Can I use WhatsApp to securely send public key, symmetric key and private key?](https://security.stackexchange.com/a/240242/118310). – defalt Apr 30 '21 at 09:03
  • @defalt See https://github.com/signalapp/Signal-Desktop/issues/4042. It appears that the Signal client for Windows stores the messages in a sqlite database, and that the encryption key for the database is stored separately in plaintext. This is akin to the messages being stored in plaintext. – mti2935 May 30 '21 at 13:38
  • @mti2935 Yes. Linked clients aren't protected like Signal app client. – defalt May 30 '21 at 15:55

1 Answer


It appears that Wire does not encrypt all of its data-at-rest. In fact, in their security whitepaper, they explicitly state that their users should employ FDE because of this. Wow.

From their security whitepaper:

7.2 Local data protection

Wire apps store the content of conversations such as text messages, images and other assets locally on the device. Depending on the platform, different protection mechanisms exist:

  1. iOS: Local data is stored using Core Data and in files (both protected with NSFileProtectionCompleteUntilFirstUserAuthentication). Conversation content, cryptographic key material and other sensitive data is not synced with iCloud or iTunes backups. Local data can only be accessed from the Wire app; it is inaccessible to other apps thanks to the iOS sandboxing.

  2. Android: Local data is stored using SQLite and in files. Conversation content, cryptographic key material or other sensitive data is not synced with Android Backup Service. The local data can only be accessed from the Wire app, it is inaccessible to other apps thanks to the Android permissions. The app sometimes keeps cached data (i.e. downloaded images) on the external storage (SD card). Those files are encrypted using AES128, each file uses a different random key which is stored in the private database.

  3. Desktop clients: Local data is stored using IndexedDB. The data is stored in the user’s folder. It is strongly recommended to use full disk encryption like FileVault on macOS or Bitlocker on Windows.

  • Why "wow"? This seems like an appropriate security stance. Encryption is only as good as managing the encryption key. Phones have attractive hardware security features. Some desktops do as well, but it's not possible to securely manage keys in a portable manner. The alternative would be to protect the key in-app with a password, but that can cause disproportionate friction for users. – amon May 01 '21 at 10:38
  • Welcome to tech stacks. It is not surprising that an upper layer would depend on the protections of the lower layer, especially when those lower layers have FDE by default. – schroeder Jan 25 '22 at 13:26
  • "wow" because encryption-at-rest is a reasonable expectation for a tool specifically designed for security. I would expect the password to be used to decrypt a symmetrically encrypted master key for storage of the data at rest (same as FDE). Of course, if the user forgets their password, they'd lose access to all their old data. That's normal and desired for such tools. – Michael Altfield Jan 25 '22 at 13:32
  • Specifically designed for *transmission* security. As always, the question is "secure against *what*?" Wire is for secure *messaging*. – schroeder Jan 25 '22 at 13:37