Signal under fire for storing encryption keys in plaintext
stackdiary.com
Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising
  • @Majestic@lemmy.ml
    16 months ago

    I mean combined with any kind of function, even a trivial kind. A salt derived from some machine state data (a random install id generated on install, a hash of computer name, etc) plus a rot13 or something would still be better than leaving it plaintext.

    • @uis@lemm.ee
      16 months ago

      Malware has access to it.

      If fs is not encrypted, then malicious hardware(FSB agent’s laptop) also has access to it. If encrypted, then it we are back to statement many people told here about encrypting fs.

      plus a rot13

      That’s not salting.