Signal under fire for storing encryption keys in plaintext on desktop app (stackdiary.com)

Posted by ForgottenFlux@lemmy.world to Privacy@lemmy.ml · English · 7 months ago · 233 comments

Cross-posted to: cybersecurity@sh.itjust.works, privacy@lemmy.world, technology@lemmy.world, foss@beehaw.org, privacyguides@lemmy.one, privacy@lemmy.ca

9tr6gyp3@lemmy.world · 7 months ago (edited)

If your device is turned on and you are logged in, your data is no longer at rest.

Signal data will be encrypted if your disk is also encrypted.

If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then that’s on you, not Signal.

uis@lemm.ee · 7 months ago (edited)

> Signal data will be encrypted if your disk is also encrypted.

True.

> and you don’t have any type of verified boot process

How would a motherboard refusing to boot from another drive protect anything?

9tr6gyp3@lemmy.world · 7 months ago

It’s more about protecting your boot process from malware.

uis@lemm.ee · 7 months ago (edited)

Well, yes. By refusing to boot. It can’t prevent booting if the motherboard is replaced.

EDIT: s/do anything/prevent booting/

9tr6gyp3@lemmy.world · 7 months ago

That’s correct. That’s one of the many perks.

9tr6gyp3@lemmy.world · 7 months ago

If the hardware signatures don’t match, it won’t boot without giving a warning. If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

uis@lemm.ee · 7 months ago (edited)

> If the hardware signatures don’t match

Compromised hardware will say it is the same hardware.

> If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

Compromised hardware controls execution of software. The warning is done in software. Compromised hardware won’t let it happen.

9tr6gyp3@lemmy.world · 7 months ago

Compromised hardware doesn’t know the signatures. Math.