Steinar H. Gunderson
Signal is a pretty amazing app; it manages
to combine great security with great simplicity. (It literally takes two
minutes, even for an unskilled user, to set it up.)
I looked at the Wikipedia article,
and the list of properties the protocol provides
is impressive; I had hardly any idea you would even want all of these.
But I've tried to decode what they actually mean:
- Confidentiality: Messages are encrypted, so they cannot be read by
- Integrity: Messages are protected against corruption, whether random or
- Authentication: You know who sent a given message (although you'll need to
verify the other party's key out-of-band, of course). Note that authentication
usually implies non-repudiation, but not here; see the repudiation properties below.
- Participant consistency: In a group chat, everybody sees the same
list of people.
- Destination validation: Messages you got were intended for you.
- Forward secrecy: If someone gets to your keys (including long-term and
current session keys), they can't decrypt earlier messages, because each
message key was derived through a one-way ratchet and then deleted.
- Backward secrecy (aka future secrecy): If someone gets to your current keys,
they can't decrypt later messages either, once the two ends have mixed a fresh
Diffie-Hellman exchange into the session. (This locks out an attacker who only
copied the keys; one who keeps actively tampering is a different matter.)
- Causality preservation: A message can't be shown before the messages it
depends on (e.g. a reply before what it replies to), even if the network
delivers them out of order.
- Message repudiation: You cannot cryptographically prove to others that someone sent a given
message, even though you know it yourself. (This works because messages are
authenticated with a symmetric key that both ends share: whatever convinces you
that a message is genuine is exactly what you would need to forge it yourself.)
- Message unlinkability: Even if you could prove to others that someone
sent a given message (e.g. by arguing only they had that information),
that doesn't help proving it for any other messages.
- Participation repudiation: There's no way to cryptographically prove you were in a group
chat, even if all the other members of it conspire.
- Asynchronicity: Clients don't need to be online at the same time to send
(There are more guarantees and features for group chat.)
Again, it's really impressive. Modern cryptography at its finest.
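To make the forward-secrecy, future-secrecy and message-repudiation entries in the list concrete, here is an added toy example. It is not Signal's code and not the protocol itself; it only mimics the shape of the Double Ratchet's symmetric chain (an HMAC-SHA256 hash chain) and models a DH ratchet step by mixing a fresh secret into a root key. The chain key, root key, labels and messages are all constructed for the demo.

```python
"""Toy ratchet illustrating forward secrecy, future secrecy and repudiation.

Added example, not Signal's code. The structure (a one-way chain that yields
one message key per step, a root key refreshed by a new shared secret, and
symmetric MACs for authentication) follows the Double Ratchet in spirit only.
All keys below are constructed demo values.
"""
import hashlib
import hmac
import os

# Constructed demo secrets (in the real protocol these come from X3DH / DH).
CONSTRUCTED_CHAIN_KEY = hashlib.sha256(b"constructed demo chain key").digest()
CONSTRUCTED_ROOT_KEY = hashlib.sha256(b"constructed demo root key").digest()


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way key derivation (HMAC-SHA256); the input key cannot be recovered."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricChain:
    """One sending/receiving chain: every step yields a message key and
    overwrites the chain key, so earlier keys are not derivable from later state."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message-key")
        self.chain_key = kdf(self.chain_key, b"next-chain-key")  # old key is gone
        return message_key


def dh_ratchet_step(root_key: bytes, fresh_shared_secret: bytes):
    """Model of a DH ratchet step: a new shared secret is mixed into the root
    key, which in turn seeds a brand-new chain. Returns (new_root, new_chain_key)."""
    new_root = kdf(root_key, b"root" + fresh_shared_secret)
    return new_root, kdf(new_root, b"chain-start")


def mac(message_key: bytes, plaintext: bytes) -> bytes:
    """Symmetric authentication tag; both ends hold message_key."""
    return hmac.new(message_key, plaintext, hashlib.sha256).digest()


def keys_derivable_from(chain_key: bytes, count: int) -> set:
    """Everything an attacker who stole this chain key can compute going forward."""
    probe = SymmetricChain(chain_key)
    return {probe.next_message_key() for _ in range(count)}


def forward_secrecy_holds() -> bool:
    """Steal the chain state after message 3; none of messages 1-3 become readable."""
    chain = SymmetricChain(CONSTRUCTED_CHAIN_KEY)
    earlier_keys = [chain.next_message_key() for _ in range(3)]
    stolen_state = chain.chain_key
    return not (set(earlier_keys) & keys_derivable_from(stolen_state, 10))


def future_secrecy_after_dh_step() -> dict:
    """Steal the chain state after message 1. Message 2 (same chain) is exposed;
    message 3, sent after a DH ratchet step the attacker did not see, is not."""
    chain = SymmetricChain(CONSTRUCTED_CHAIN_KEY)
    root = CONSTRUCTED_ROOT_KEY
    chain.next_message_key()                  # message 1
    stolen_state = chain.chain_key            # compromise happens here
    key_msg2 = chain.next_message_key()       # message 2, still on the old chain
    fresh_secret = os.urandom(32)             # new DH output; passive attacker lacks it
    root, new_chain_key = dh_ratchet_step(root, fresh_secret)
    chain = SymmetricChain(new_chain_key)
    key_msg3 = chain.next_message_key()       # message 3, on the healed chain
    attacker_keys = keys_derivable_from(stolen_state, 10)
    return {
        "before_ratchet_exposed": key_msg2 in attacker_keys,
        "after_ratchet_exposed": key_msg3 in attacker_keys,
    }


def recipient_can_forge() -> bool:
    """Bob verifies Alice's tag with the same key she used, so he can produce an
    equally valid tag on a message Alice never sent: the tag proves nothing to a judge."""
    shared_key = SymmetricChain(CONSTRUCTED_CHAIN_KEY).next_message_key()
    alice_tag = mac(shared_key, b"meet at 9")
    bob_accepts = hmac.compare_digest(alice_tag, mac(shared_key, b"meet at 9"))
    forged_tag = mac(shared_key, b"meet at 11")  # Bob's forgery
    forgery_verifies = hmac.compare_digest(forged_tag, mac(shared_key, b"meet at 11"))
    return bob_accepts and forgery_verifies


if __name__ == "__main__":
    print("forward secrecy:", forward_secrecy_holds())
    print("future secrecy:", future_secrecy_after_dh_step())
    print("recipient can forge:", recipient_can_forge())
```

The point of the second function is the caveat on future secrecy: between the compromise and the next DH ratchet step the attacker reads along, and only the fresh exchange shuts them out again.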
My only two concerns are that it's too bound to telephone numbers (you can't
have the same account on two devices, for instance; it very closely mimics
the SMS/MMS/POTS model in that regard), and that it's too clumsy to verify
public keys for the IM part. It can show them as hex or do a two-way QR code scan, but
there's no NFC support, and there's no way to read e.g. a series of plaintext
words instead of the fingerprint. (There's no web of trust, but probably
that's actually for the better.)
I hear WhatsApp is currently integrating the Signal protocol (or might be
done already; it's a bit unclear), but for now, my bet is on Signal. Install
it now and frustrate NSA. And get free SMS/MMS to other Signal users (which
are growing in surprising numbers) while you're at it. :-)