A protocol (as well as an app implementing it) for end-to-end encrypted instant messaging.
Questions tagged [signal]
26 questions
1
vote
2 answers
Telegram, Signal, WhatsApp: chats encrypted in local storage on mobile devices?
I wonder if the chat content's are encrypted in local storage on mobile devices (iOS, Android).
I hardly found any reliable information about this topic.
My thought is about somebody stealing my device and plugging it's hard drive into an external…
Abid
- 113
- 5
1
vote
2 answers
Known flaws in Signal app's security
Are there any known exploits in Signal's encryption protocol that could lead to messages being decrypted, or any other compromising information being released?
psitae
- 131
- 4
1
vote
1 answer
In Signal Messenger what is the purpose of verifying a safety number?
I've read the official page on safety numbers but they are still unclear to me. Without verification, there still is end to end encryption, so what difference does it make? Is it that a phone number is easy to spoof so an adversary could pretend to…
northerner
- 273
- 1
- 9
1
vote
0 answers
Meaning of unacknowledged pre key messages
I've recently tried to work with the Signal protocol, but the documentation isn't great. I've come across a problem where the messages being sent include the pre key because the client has unacknowledged pre key messages even if a session has…
devgianlu
- 121
- 5
1
vote
1 answer
How to use Username/Password in Signal Protocol
I am trying to create a communication app from scratch (more like an html parsed messaging app) using the Signal protocol. While I do have lot to of programming experience, I am a crypto novice and therefore I am unable to figure out how do I sign…
Jishan
- 193
- 8
1
vote
0 answers
HTTP body E2E encryption protocol
I have 2 servers that communicate each other in HTTP and they are both behind an API gateway.
Between the servers and their API gateways the communication is in HTTPS with mutual authentication using certificates, and the same between the 2 API…
Fabio
- 121
- 1
1
vote
1 answer
Signal Protocol: How is identity exchanged if a key exchange hasn't happened yet?
On Signal's blog they mention that keys for accessing your profile are exchanged normally with your contacts using the Signal Protocol just like messages are (implying they are already contacts and you've already generated a shared ephemeral…
aroooo
- 115
- 4
0
votes
1 answer
Is it possible to snoop on documents/media while uploading them on a Desktop app?
Websites often enforce HTTPS to prevent snooping of sensitive input. Is there something equivalent while uploading files from local disk onto a desktop app, say the desktop version of Signal?
When I upload a file onto Signal's desktop app, where all…
Train Heartnet
- 103
- 3
0
votes
3 answers
What can my Telco / ISP learn from my Signal (secure messaging app) communications?
To preface this question, I use Signal messaging app for voice, video and text. I understand that the content of all these messages are encrypted and no-one but the sender and recipient can see/hear this content. I should also say that I live in a…
Shae
- 53
- 4
0
votes
2 answers
Is the video/audio traffic from WebRTC TURN relay servers encrypted end-to-end? As with the applications Signal and Jitsi Meet
Today I found a video on YouTube that surprised me (https://www.youtube.com/watch?v=Pkc3sE6iKV4). It is by Rob Braxman, a privacy advocate with a lot of expertise.
He talks about all kinds of video conferencing situations. Like one-to-one,…
user244515
0
votes
1 answer
If Signal database leaks, can somebody bruteforce access into my contact's chat history?
Recently Signal started forcing users to create a pin. I'm curious about the feature - doesn't it make Signal less secure if their database gets compromised? In other words, suppose that I'm chatting with someone from my family and they set their…
d33tah
- 6,524
- 8
- 38
- 60