Comment by MuffinFlavored
2 years ago
If you really wanted to talk to somebody in a "non-decryptable" fashion, could you set up something like a channel that encrypts itself with a ton of different encryption methods, keys, etc. (encrypted payloads inside each other)?
Signal encryption is its main feature (I think) and how easy it makes it (abstracts handling key transfer and all that). I'm just trying to think through... if I wanted nobody to read what I was saying, would I use an app/target as popular as Signal or something homegrown?
You don't need multiple security protocols (and in fact that is almost always a bad idea). You just need one good protocol and a way to securely exchange the keys. What Signal solved for the most part is the secure key exchange.
If you want to talk to one person, you can give them a USB key in person with a set of crypto keys and then use that to encrypt your messages over any transit method and it will be secure.
The hard part is the key exchange.
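The pattern described in this reply (a key handed over in person, then one protocol on top of any transit), as an added example that is not part of the thread: a pre-shared 32-byte key is expanded into per-direction encryption and MAC keys, each message is encrypted and authenticated with a counter header, and the receiver rejects tampered or replayed messages. It uses only the standard library, with HMAC-SHA256 standing in as both the keystream PRF and the tag; a deployment would use a vetted AEAD instead of this hand-rolled construction.

```python
import hashlib
import hmac

TAG_LEN, CTR_LEN = 32, 8


def derive_keys(psk: bytes, direction: bytes) -> tuple[bytes, bytes]:
    """Expand the pre-shared key into separate enc/mac keys for one direction."""
    enc = hmac.new(psk, b"enc|" + direction, hashlib.sha256).digest()
    mac = hmac.new(psk, b"mac|" + direction, hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, msg_counter || block_index)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, counter.to_bytes(CTR_LEN, "big") + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


class Channel:
    """One endpoint; send_dir/recv_dir are labels so the two directions never share keys."""

    def __init__(self, psk: bytes, send_dir: bytes, recv_dir: bytes):
        self.send_enc, self.send_mac = derive_keys(psk, send_dir)
        self.recv_enc, self.recv_mac = derive_keys(psk, recv_dir)
        self.send_ctr = 0   # next counter to use when sending
        self.recv_ctr = 0   # lowest counter still acceptable on receive

    def seal(self, plaintext: bytes) -> bytes:
        ctr, self.send_ctr = self.send_ctr, self.send_ctr + 1
        header = ctr.to_bytes(CTR_LEN, "big")
        ct = bytes(p ^ k for p, k in zip(plaintext, keystream(self.send_enc, ctr, len(plaintext))))
        tag = hmac.new(self.send_mac, header + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return header + ct + tag

    def open(self, msg: bytes) -> bytes:
        if len(msg) < CTR_LEN + TAG_LEN:
            raise ValueError("truncated message")
        header, ct, tag = msg[:CTR_LEN], msg[CTR_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.recv_mac, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time check before anything else
            raise ValueError("authentication failed")
        ctr = int.from_bytes(header, "big")
        if ctr < self.recv_ctr:                       # counter already used: replay
            raise ValueError("replayed message")
        self.recv_ctr = ctr + 1
        return bytes(c ^ k for c, k in zip(ct, keystream(self.recv_enc, ctr, len(ct))))
```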
It's a bit off topic, but I've wondered the same.
We could stack a hundred layers of encryption algorithms, and if just one of them works, then the whole stack is secure.
You could, but you'd be adding complexity to solve a mostly non-existent problem. Security is rarely broken because the algorithm itself is broken. It's usually because one end has a key logger or other vulnerability. Or they are literally storing the unencrypted text in an unencrypted data store after reading it.
In the meantime, the added complexity adds new places for errors.
Yep, people who think about messaging security as a problem of sending data from one computer to another are missing a huge part of the attack surface. To fully understand the entire problem set, we need to consider the entire pathway from one human's brain to another.
I think the biggest risks for most people are going to be around key management, social engineering, and exploitation of terminal devices (i.e. if somebody has compromised your device running signal and can observe the message before encryption or after decryption).
More layers of encryption don't really solve those problems.
Lots of drug traffickers went with something homegrown (Anom), which turned out to be an FBI front. They'd have been a lot safer sticking to Signal. And you can audit the Signal client's source code, which is enough to verify its secrecy.