
Comment by Grisu_FTP

13 hours ago

I might be misremembering or mixing memories, but I remember something about them only storing the hash of the number.

So the FBI can't ask what phone number is tied to an account, but if a specific phone number was tied to the specific account? (As in, Signal gets the number, runs it through their hash algorithm and compares that hash to the saved one)

But my memory is very very bad, so like I said, I might be wrong.

It would be absolutely trivial for the FBI to hash every single assigned phone number and check which one matches. Hashing only provides any anonymity if the source domain is too large to be enumerable.

  • Brief research says that Signal does store phone numbers.

    Regarding hashing: while unsalted phone number hashes would be easy to reverse, I doubt that any hashing scheme today is set up like that.

    • You don't even need to think about how the hashing scheme and salt are set up. If Signal can check if a phone number matches the hash in any reasonable amount of time (which is the whole point of keeping a hash in the first place) then the FBI can just do that for all phone numbers with very realistic compute resources once they get Signal to cough up the details of the algorithm and magic numbers used.
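
Added example, not part of any comment above and not Signal's code: a sketch of why a salted, iterated hash gives a stored phone number no privacy once the check itself is known. The salt, iteration count, number prefix and function names are all constructed assumptions, and the toy domain is 10,000 numbers rather than a real numbering plan.

```python
import hashlib
import time

# Constructed stand-ins for the "algorithm and magic numbers" in the thread;
# assumptions for illustration, not any real service's parameters.
SALT = b"constructed-server-salt"
ITERATIONS = 100

def stored_hash(number: str) -> bytes:
    """Hypothetical server-side value: salted, iterated hash of the number."""
    return hashlib.pbkdf2_hmac("sha256", number.encode(), SALT, ITERATIONS)

def candidates():
    """Constructed toy domain: 10,000 numbers under one fictional prefix."""
    for suffix in range(10_000):
        yield f"+1202555{suffix:04d}"

def recover(target: bytes):
    """Repeat the same match check the server can run, once per candidate."""
    tried = 0
    for number in candidates():
        tried += 1
        if stored_hash(number) == target:
            return number, tried
    return None, tried

def full_domain_hours(domain_size: int, hashes_per_second: float) -> float:
    """Hours needed to cover a whole number space at a measured hash rate."""
    return domain_size / hashes_per_second / 3600

if __name__ == "__main__":
    target = stored_hash("+12025550142")  # constructed record
    start = time.perf_counter()
    number, tried = recover(target)
    rate = tried / (time.perf_counter() - start)
    print(f"recovered {number} after {tried} hashes ({rate:,.0f}/s, one core)")
    # 10**10 is an upper bound on the count of 10-digit national numbers.
    hours = full_domain_hours(10**10, rate)
    print(f"10^10 numbers at that rate: {hours:,.1f} core-hours")
```

Raising `ITERATIONS` slows the sweep and the legitimate per-number check by the same factor, so the work stays bounded by the size of the number space rather than by the hash.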