New design sets a high standard for post-quantum readiness.
Great. Now we just have to get Signal off AWS and we be good.
Signal puts a lot of effort into their threat model that assumes a hostile host (i.e. AWS). That’s the whole point of end to end encryption, even if the host is compromised the attackers do not get any information. They even go as far as padding out the lengths of encrypted messages so everyone looks like they are sending identical blocks of data
I’m assuming that they were more referring to the outage that occurred today that pulled a ton of the internet services, including signal offline temporarily.
You can have all the encryption in the world, but if the centralized data point that allows you to access the service is down, then you’re fucked.
no matter where you host, outages are going to happen… AWS really doesn’t have many… it’s just that it’s so big that everyone notices - it causes internet-wide issues
Monero, Nostr, Lemmy, and Mastodon did not go down. Why? Because they are decentralized
that’s pretty disingenuous though… individual lemmy instances go down or have issues regularly… they’re different, but not necessarily worse in the case of stability… robustness of the system as a whole there’s perhaps an argument in favour of distributed, but the system as a whole isn’t a particularly helpful argument when you’re trying to access your specific account
centralised services are just inherently more stable for the same type of workload because they tend to be less complex, less networking interconnectedness to cause issues, and you can focus a lot more energy building out automation and recovery than spending energy repeatedly building the same things… that energy is distributed, but again it’s still human effort: centralised systems are likely to be more stable because they’ve had significantly more work put into stability, detection, and recovery
That was my point. But as somebody else pointed out here, the difficulties in maintaining the degree of security we currently enjoy as Signal users starts to get eroded away
Padding isn’t anything special. Most practical uses of block ciphers require it.
sending identical blocks of data
Nitpicking here but assuming from the previous words in your comment that you mean blocks of data of identical length.
Although it should be as if we are sending multiples of identical size, I suppose.
Anyway, sorry for nitpicking.
or federated server
Would be very cool to be able to host a Signal homeserver.
https://signal.org/blog/the-ecosystem-is-moving/ here is Moxi’s take on that (former Signal CEO).
So I don’t think it’s happening.
they won’t do that.
Matrix tried for quite a while to get interoperability, but signal is just too paranoid about distributed hosting or interoperability of their software/protocol. it’s quite annoying
And yet simplex exists.
Wait, simplex isn’t paid?
No, it’s totally free and open source, and you can host it on your own server if you wish.
I guess the research doesn’t have to be limited to signal. If other apps can benefit from it the more resilient “private communications over the internet” get.
So that’s why Signal didn’t send my messages very quickly today then, maybe.
It’s not completely out yet. That was likely AWS being down.
Also, the new quantum protected message encryption headers are about 2kb. If that’s causing issues with your internet, you may want to consider looking at new internet.
2kb? While it may not sound like much, that’s at least three packets worth of data (depending on MTU). If you think about it in terms of how TCP sends packets and needs ACKs, there’s actually a lot of round trip data processing going on for just that one part.
TCP will generally send up to 10 packets immediately without waiting for the ACKs (depending on the configured window size).
Generally any messages or websites under 14kb will be transmitted in a single round-trip assuming no packets are dropped.
That was likely AWS being down.
Sorry, yeah, that’s the only thing I was referring to.
My internet connection is 500/500 Mbps, and I can’t change it. 😄👍
Should have been pretty obvious to anyone reading any tech news whatsoever today, especially in the context of where you responded. No apology from you should have been necessary!
You would think 😅 The sorry was sightly sarcastic, but shhh, nobody need know
Having in mind we are not even close to breaking classical cryptography with quantum computing I doubt this was their best investment of time
Lol, it shows the hype quantum computing has sold and how detached the public thought is about it from reality.
I’m friends with two quantum computing researchers and they are pretty sure quantum computing will never be a practical application because of how the noise and errors scale with the system size.
Their core feature is secure messaging, so I’d say this result highlights their dedication to the secure aspect of it. So an excellent feature in terms of branding, and probably has more benefits in other places e.g. attracting talent, as developers now can see Signal offers great opportunities to work on complex problems.
So I’m curious; what do you think would be better investment of their time?
Like allowing a federated system instead of a central one, not depending in external libraries and services, and so on. I bet there are many things that would actually improve the security instead of this that is more of a marketing point.
the best time was yesterday. the next best time is today. securing systems after they’re broken, when data could actively be collected prior to the breakthrough, is not the way to approach security.
There are nation states just straight up intercepting and storing signal data on their networks in hopes that it can be decrypted in the future. 20 year old messages will still be useful.
Also known as Harvest now, decrypt later. And it’s a serious security threats that Signal must consider and handle
We’re as close to quantum computers as we are to ChatGPT becoming sentient.
It’s future-proofing. It means my messages are not only safe today but, even if they are intercepted or leaked somehow, will also be safe in the future.
I doubt that the first ones to break it will be eager to communicate their findings to the public.
This tech is far to valuable for military/spionage goals. For all we know it already exists.
