What advantage does Signal protocol have over basic public key encryption?
Karl
gmkarl at gmail.com
Sun Jan 31 12:57:57 PST 2021
>> Re Signal and Javascript, Signal offers its code in a signed binary, and
>>> offers the source to that binary for anybody to build and check.
>>
>> Signal offers source, but given that it's distributing binaries via app
>> stores, there's really no way to guarantee that the binary matches that
>> source code. Open source is great (Expensify.cash is as well), but still
>> requires that you trust the party giving you the binaries.
>
> I don't see your argument here. The only reasonable way to sell
> something on an app store is to distribute a binary. Meanwhile with
> the source available, people can build their own clients, and share
> them via other channels.
Sorry, I failed to notice what you were responding to.
Here is information on signal's reproducible builds:
https://github.com/signalapp/Signal-Android/tree/master/reproducible-builds
You actually can verify that the app from the play store is the one
you have the source to.
I am not a cryptographer and have no college degree.
More information about the cypherpunks
mailing list