AprilF00lz@lemmy.ml to Privacy@lemmy.mlEnglish · 8 months agoDownsides of Signal alternatives compared to Signal?message-squaremessage-square87fedilinkarrow-up192arrow-down15file-text
arrow-up187arrow-down1message-squareDownsides of Signal alternatives compared to Signal?AprilF00lz@lemmy.ml to Privacy@lemmy.mlEnglish · 8 months agomessage-square87fedilinkfile-text
I’m thinking of the things listed on the Privacy Guides real-time communication section https://www.privacyguides.org/en/real-time-communication/
minus-squarejetAlinkfedilinkEnglisharrow-up6arrow-down2·edit-28 months agoBrute forcing 4-6 digit pins is trivial. And even if the user set a actual password, it’s still very trivial https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
minus-squareryannathans@aussie.zonelinkfedilinkarrow-up2·8 months ago“Very trivial” if they set a proper password? Yet the source you provide says it’s robustly secure
minus-squarejetAlinkfedilinkEnglisharrow-up1arrow-down1·8 months agoI can’t find the phrase robustly secure in the last link: https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/ Signal asks users to set a pin/password which needs to be periodically reentered. This discourages people from using high entropy passwords like BIP38.
Brute forcing 4-6 digit pins is trivial.
And even if the user set a actual password, it’s still very trivial
https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
“Very trivial” if they set a proper password? Yet the source you provide says it’s robustly secure
I can’t find the phrase robustly secure in the last link:
https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
Signal asks users to set a pin/password which needs to be periodically reentered. This discourages people from using high entropy passwords like BIP38.