upvote

points

by thmsths4 hours ago |
comments
upvoteby lmm3 hours ago|
next
[-]
Certainly very hard to defend against that when the messenger you're using won't let you use a device you control.
reply
upvoteby Hamuko4 hours ago|
prev|
next
[-]
Surprising that end-to-end encryption doesn't really matter when you get into one of the ends.
reply
upvoteby ASalazarMX4 hours ago|
parent|
next
[-]
Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used.
reply
upvoteby akimbostrawman4 hours ago|
parent|
prev|
[-]
not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too.
reply
upvoteby moralestapia4 hours ago|
parent|
[-]
[flagged]
reply
upvoteby coldtea3 hours ago|
parent|
[-]
The parent said "it's surprising". It's not surprising.
reply
upvoteby Talanes3 hours ago|
parent|
[-]
You're correct in the literal sense that they did say those words, but the entire comment clearly demonstrated a lack of surprise that reveals the opening words to be intended ironically.
reply
upvoteby moralestapia4 hours ago|
prev|
[-]
>The message can't be intercepted in transit

Lol, so like ... all encryption schemes since the 70s?

reply
upvoteby sowbug4 hours ago|
parent|
[-]
They do have stronger schemes, which are called hash functions.
reply
upvoteby moralestapia4 hours ago|
parent|
[-]
What?

Hashing is not encrypting.

You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/

reply
upvoteby coldtea3 hours ago|
parent|
next
[-]
It's a joke, because hashing loses information, and thus the original is not retrievable, woosh
reply
upvoteby sowbug4 hours ago|
parent|
prev|
next
[-]
> What?

> Hashing is not encrypting.

> You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/

Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. The only way to do that is to make decryption impossible by anyone, including the intended recipient. A labyrinthine way to do that would be to substitute the symmetric-encryption algorithm with a hash algorithm, which of course destroys the plaintext, but does accomplish the goal of obfuscating it in transit, at rest, and forever.

reply
upvoteby p-o4 hours ago|
parent|
prev|
[-]
Hashing is a part of encryption, maybe you are the one who needs to shore up on the topic?
reply
upvoteby AlotOfReading3 hours ago|
parent|
next
[-]
A good hash function is surjective. Encryption is bijective. They're very different things.
reply
upvoteby aipatselarom4 hours ago|
parent|
prev|
[-]
Nice try. However, hashing and encryption are two different operations.

Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Ctrl-F "hash". No mention of it.

Before being pedantic at least check out the url in that comment to get the basics going.

reply
upvoteby sowbug3 hours ago|
parent|
[-]
This entire thread should be annihilated, but since you mentioned being pedantic...

You're correct that a pure encryption algorithm doesn't use hashing. But real-world encryption systems will include an HMAC to detect whether messages were altered in transit. HMACs do use hash functions.

reply