this post was submitted on 07 Jul 2024
14 points (63.0% liked)

Privacy

4016 readers
23 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
iopq@lemmy.world
14
Signal under fire for storing encryption keys in plaintext (stackdiary.com)
submitted 2 months ago by aa1@lemm.ee to c/privacy@lemmy.world
3 comments fedilink hide all child comments
top 3 comments
sorted by: hot top controversial new old
[–] pearsaltchocolatebar@discuss.online 39 points 2 months ago* (last edited 2 months ago)

That's how encryption keys are typically stored.

If someone has enough access to your system that they can get to your stored encryption keys, you have much bigger problems.

[–] OsrsNeedsF2P@lemmy.ml 38 points 2 months ago

At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.

[–] where_am_i@sh.itjust.works 5 points 2 months ago

Next in the news: cloud infrastructure engineer had ssh keys in plain text on their MacBook exposing 99999 servers! Everything you ever stored on the internet is potentially compromised!