privacy

2947 readers

1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

community.nicfab.it/c/privacy

founded 2 years ago

MODERATORS

Kokomheart@lemmy.ca

QuentinCallaghan@sopuli.xyz

altair222@beehaw.org

Signal under fire for storing encryption keys in plaintext (stackdiary.com)

submitted 4 months ago by neme@lemm.ee to c/privacy@lemmy.ca

16 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] sugar_in_your_tea@sh.itjust.works 14 points 4 months ago* (last edited 4 months ago)

malware could just capture that

From the article:

This means that while a keylogger might require admin access to install, any app or script with sufficient permissions could access these plaintext keys.

Malware to capture input would require privilege escalation as well, whereas this just requires being able to run code/copy files.

there is not a simple solution

But there are:

use the system keyring
store unencrypted key in memory in a background process (I.e. DIY keyring)

Essentially, force malware to either copy keystrokes or memory, both of which require admin privileges on most systems.