Signal provides:
- Excellent protection against third party interception of communications (wiretapping).
- Limited protection against compromised (hacked) or lost devices
- No protection against certain common usage mistakes (accidentally including a reporter in your large group war planning chat).
If you look at the systems that are supposed to be used for classified communications, the underlying cryptography isn’t particularly different from Signal (the AES cipher can be used to protect classified material). That’s not what failed here.
The difference is that systems like Signal are designed to *facilitate* communication with anyone. Classified systems are designed to *limit* communication to authorized recipients.
Both are sensible for their respective - very different - purposes.
Most likely Signal was chosen because a) it helps bypassing documentation requirements, as has been the case with similar cases, and b) it protects against interception.
The more interesting question that nobody has asked so far, despite it's being hinted at in the article in The Atlantic: why is a) so acceptable that all of these folks routinely use Signal for that purpose? You don't "accidentally" tune in to such undocumented conversations.
@peteriskrisjanis @katzenberger @mattblaze Not necessarily - avoiding FOI requests has been a major focus for Project 2025.
Not sure why they're worried about their actions being scrutinized </sarcasm>
On the contrary, it is deliberate obstruction. Look at the chat screenshots in the article:
The messages have the timer icon, bottom right. This means that #DisappearingMessages was enabled for this #Signal chat.
Infodump follows aimed at nobody in particular:
AES is the symmetric cipher, Signal uses ECC (on Curve25519 & derivatives: So X25519 and Ed25519) for the DR protocol, and ML-KEM as the KEM for the initial key exchange.
ECC is not quantum-safe: You can recover a private key from the public key and decrypt communication if you have a quantum computer. The protection from using a PQC (post-quantum) KEM for the initial key exchange is limited.
Additionally, Signal has a specific threat model, which can make using it insecure for a lot of usecases. For one, it is not anonymous. This means that it does not protect your identity, it only protects your messages. Aka it is fine for chatting with trusted parties, but dangerous for chatting with untrusted parties.
@mattblaze I am starting to feel like I said something wrong here ?
If there's any mistakes in what I said feel free to correct me, I am always eager to learn ^^
Matt Blaze is a well know academic security expert, so he's poking fun at being lectured on systems he understands very well lol
@ity Additional context you might be missing: He was commenting specifically on this breaking news story wherein top level US government people accidentally added a journalist to their signal loop planning military strikes, so the quantum safety (or lack thereof) of signal and the lack of anonymity is pretty irrelevant to this specific issue. Your post might have come off as lecture-y for this reason
@void_turtle Ah, yea I was missing that context completely :(
I don't keep up with US news anymore, it's too depressing
Ah, I misread your post then, I was missing the context it was in since I don't follow US news a lot. That's fair ^^
@ity @mattblaze oh no, now I feel bad for the chuckle.
Your first reply came across as correcting or explaining to him directly and @mattblaze is a well regarded cryptography expert and definitely knows all that.
I'm gunna take a swag at how your brain works and just say that I've been there. Even though this is a public forum, when you reply to someone it's generally taken as a direct reply to them unless otherwise specified. So next time just maybe preface with the info dump explanation you gave here.
Don't take it personally, you weren't trying to be rude, you were just excited and it came off in a wrong way.
Thanks >.< Yea, I was not trying to be rude, and rather just wanted to infodump about cool cryptography things. I can edit the post to make it clearer that an infodump follows ig
@mattblaze Oh lol I just googled your name
Apologies, I like cryptography. Again, if there's something I said wrong in my post, please correct me.
@RobertoOtarola
PEBKAC in the wild. Hard to encrypt around that.
I'm sorry people are giving you a hard time.
I'm sure I'm not the only one who valued your reply.
Please don't feel like you can't post ideas and information - someone will find them useful.
@mattblaze
That's so crazy that it just might work!
The "I" in "FIPS" is for "impediment".
@dymaxion @sophieschmieg @mattblaze
In a past life and job, the phones were sound powered, with no electronics or external power.
So, yes…
I gotta SCIF* in my pocket, baby.
Matt Blaze
KuJoe 💞
Raglan Niall 
Tanguy ⧓ Herrmann
katzenberger 🇺🇦
Pēteris Krišjānis
Stryder Notavi
CodexNotFound
ity [unit X-69] - VIOLENT FUCK
Glyph
Sophie Schmieg
Steve Bellovin
Void Turtle
blausand 🐟
0xC0DEC0DE07E9
Scissors Cut Paper...
Varx
Raph Levien
Joshua Barretto
Peter Bindels
Roberto Otárola Estrada
xinit ☕
LisPi
Tariq
Grumble 🇺🇸 🇺🇦
floppergostic
srslypascal
jb
Eleanor Saitta
Christian Huitema
cd ~
🆘Bill Cole 🇺🇦
David Chisnall (*Now with 50% more sarcasm!*)