IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [signal]

A protocol (as well as an app implementing it) for end-to-end encrypted instant messaging.

26 questions
53
votes
3 answers

Is Signal still more secure than WhatsApp?

WhatsApp has "recently" deployed end-to-end encryption using the Signal protocol, which is of course also being used by Signal itself. The related white paper (PDF). Now this raises the question: Is there still any security benefit to use Signal…
SEJPM
  • 9,500
  • 5
  • 35
  • 66
40
votes
2 answers

Why is there no web client for Signal?

I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure. I think the security issues for clients are the…
SeyyedKhandon
  • 517
  • 1
  • 4
  • 7
18
votes
3 answers

Why iterate 5200 times when computing Safety Numbers in Signal?

Safety numbers in Signal are derived from a hash of the conversation's users public keys and their phone numbers. Safety number are used to ensure that the conversation was not MITM-ed. When deriving safety numbers, SHA-512 iterated for 5200 times.…
bgd223
  • 353
  • 2
  • 6
11
votes
1 answer

Private messaging for protesters

Hello I am a protester in Hong Kong. Many protesters use telegram group. I have heard recently from the News that a group admin was tricked by the police to unlock their phone (police cannot force one to unlock their phone under the law of HK) and a…
hkprotester
  • 111
  • 4
9
votes
1 answer

Signal messaging app / How does sync on connected devices work?

I would like to know how paired devices get synced together in Signal messaging app. So this is what they say on their website Signal messages, pictures, files, and other contents are stored locally on your device. These contents are readable by…
gnogno
  • 93
  • 1
  • 3
7
votes
4 answers

Why do people use "burner phones" rather than Signal or similar solutions?

Why do people use burner phones rather than Signal or similar? I would imagine that if you are high value target the police or intelligence service would simply eavesdrop every phone call passing the base station nearest the location where you…
EmLi
  • 171
  • 5
5
votes
1 answer

Can WhatsApp, Signal or Telegram be hacked through a SIM SWAP attack?

In Cuba the telecoms/ISP monopoly, Etecsa, works with the political police to spy on dissidents, journalists and others. A common attack in Cuba is therefore SIM Swapping which is easy for them. It is also effective in order to eavesdrop on phone…
Pedro
  • 51
  • 3
5
votes
1 answer

How can WhatsApp be listed on the EFF secure application toolset when it's not opensource?

I see this EFF tool guide, proposing WhatsApp as one of "our pick of the best, most secure applications" source. How can WhatsApp be trusted as a secure application when it is not open-source (according to Wikipedia: "license: freeware"), in…
Marinos An
  • 191
  • 6
5
votes
1 answer

How was IronChat compromised?

How was IronChat compromised? https://hotforsecurity.bitdefender.com/blog/police-crack-encrypted-chat-service-ironchat-and-read-258000-messages-from-suspected-criminals-20530.html Dutch police have revealed that they were able to spy on the…
Chloe
  • 1,668
  • 3
  • 15
  • 30
5
votes
1 answer

Can Signal encrypted voice calls be listened into by other apps?

Signal App (by Open Whisper) provides encrypted voice calls allowing two people to communicate via a data connection with secure encryption (assuming no MiTM attack). Given that Signal App uses the microphone on the mobile devise (iPhone/Android)…
Shae
  • 53
  • 4
4
votes
2 answers

In a synchronous environment, does Signal offer any security benefits that can’t be achieved with a modern version of TLS?

The Signal protocol utilizes the double ratchet algorithm to achieve end-to-end encryption with forward secrecy and future secrecy (aka break-in recovery). Forward secrecy ensures that if any of the user’s keys are compromised (including long-term…
weaver
  • 311
  • 3
  • 4
3
votes
0 answers

What secure mobile messaging app is publicly known to be the most frustrating for state intelligence to read?

I imagine like either leaked or otherwise published official memos on efforts and signals intelligence programs to intercept and crack different types of communications either lamenting or chronicling the technical difficulties in doing so and…
Jackie FJA
  • 39
  • 4
3
votes
2 answers

Can a data requester get the sender when "Sealed sender" is enabled in Signal?

The Signal app offers to seal the sender. The whole process can be summarized in the following steps: The app encrypts the message using Signal Protocol, as usual. Include the sender certificate and encrypted message in an envelope. Encrypt the…
Nightscape
  • 329
  • 4
  • 12
2
votes
3 answers

Signal: contact people, or have people contact me, without revealing phone number?

Is it possible to use Signal without revealing my phone number to others? I'm personally using the Signal app on Android, but of course it applies to all versions, desktop and mobile. With Telegram for example, I can pick a username and then share…
RocketNuts
  • 223
  • 1
  • 6
2
votes
3 answers

Are Whatsapp and Signal truly secure and user-privacy friendly?

I have been learning the famous "SIGNAL MESSAGING PROTOCOL", Its brilliantly designed and perfectly secure , but I doubt on its implementations Famous messenger services like Whatsapp and Signal claim to have implemented the e2e messaging protocol…
Chidhambararajan NRM
  • 121
  • 3
1
2