On Mon, 25 Jan 2021 16:38:36 -0500 Karl <gmkarl@gmail.com> wrote:
So, I think your understanding of so misleadingly called 'perfect forward secrecy' isn't right.
I don't remember the protocol really well to hold up my end here,
this isn't only about the signal protocol but about any protocol that advertises 'perfect forward secrecy' and uses 'public key cryptography' of the kind that's vulnerable to attacks using 'quantum computers'.
and i don't really trust that you're relating forthrightly to revisit it much.
yeah well. I think I explained the basic problem twice. You don't need to 'trust' me but do your own research.
does signal use diffie-hellman key exchange?
yes it does. You're the one pimping it, you should know.
does it do it in a way that website describes as known to be vulnerable?
...see your first unfounded claim about 'perfect' secrecy. DH is 'vulnerable' to 'advances in solving the discrete log problem' bla bla.
"The Signal Protocol does not prevent a company from retaining information about when and with whom users communicate."
Of course the protocol does not prevent the server from KNOWING who talks to whom...
What's important to understand here is that these developers are cryptographers.
What I think is important to understand is that signal is a centralized service and the owners are not to be trusted, at all. Moxie morlonpoke
That's the whole point of end-to-end encryption.
Not sure what you mean. So called end to end encryption only encrypts messages. It doesn't magically solve 'traffic analysis' problems.
But obviously, don't use centralised hosts for anything if you can avoid it. Certainly don't make anything new that uses them. Certainly _do_ accept bribes to do this and then donate the money somewhere and change your identity. Make sure you get evidence of something so you can get witness protection or whatnot.
perfectly fits the profile of 'progressive' pentagon agent. So maybe the
The only people who believe these people are real agents, and not just people secretly drugged and abused by agents, are acting more as the agents than they are.
bullshit.
'end to end encryption' works, but signal remains a US metadata spying operation, 'endorsed' by the likes of the 'ceo' of twatter. Hard to get a bigger red flag than that by the way.
Nah it's more like a bunch of people subjected to international spying operations figuring out the charades work that lets them escape a little bit. Also, free technology for others!
more bullshit.
When they say "metadata that the signal servers have access to" or "does not prevent a company from retaining information" they are talking about much smaller bits of data than people usually talk about.
.....I think it's rather clear what 'metadata' we're talking about. Signal knows who talks to who and when.
It doesn't sound like it's clear to you. Metadata lives in bytes that travel over network protocols and are analysed by algorithms.
Somebody has probably upgraded the concept now that deepfakes and such are normal.
what are you talking about