josefStallman wrote
Reply to comment by An_Old_Big_Tree in How to Use Signal Without Giving Out Your Phone Number by An_Old_Big_Tree
Signal uses their own encryption algorithm that hasn't been extensively examined as other algorithms, and it's use of centralised servers poses problems as well.
malifica wrote
I mean like the Double Ratchet Protocol is also used by
- OMEMO
- Matrix
- Wire
- WhatsApp (eww)
It's not exactly an obscure algorithm.
The Signal protocol has also undergone formal analysis, where it has been determined to be cryptographically sound.
I'm curious as to what you recommend people use over the Signal protocol. Not PGP, I hope.
--
There are valid concerns for Signal as software.
- Signal is Mobile-Centric
Phones are generally not secure devices. There are a variety of concerns related to trusting phones.
- Signal is Centralized
Your metadata can be used to determine a lot about you.
- Signal is Difficult to Compile from Source
Because it is a mobile app and officially recommends installation from Google Play.
- Signal's Desktop App is a Steaming Pile of Electron Shit
Seriously, it's awful.
--
But none of these very valid concerns are strikes against the Signal protocol. The Signal protocol is secure (as far as we know), and used by some truly brilliant software (like OMEMO).
Viewing a single comment thread. View all comments