Signal under fire for storing encryption keys in plaintext
stackdiary.com
Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising
  • Possibly linuxEnglish
    166 months ago

    If someone has access to your machine you are screwed anyway. You need to store the encryption key somewhere

    • @x1gma@lemmy.world
      -16 months ago

      Yes, in your head, and in your second factor, if possible, keeping derived secrets always encrypted at rest, decrypting at the latest possible moment and not storing (decrypted) secrets in-memory for longer than absolutely necessary at use.