Signal provides:

- Excellent protection against third party interception of communications (wiretapping).

- Limited protection against compromised (hacked) or lost devices

- No protection against certain common usage mistakes (accidentally including a reporter in your large group war planning chat).

If you look at the systems that are supposed to be used for classified communications, the underlying cryptography isn’t particularly different from Signal (the AES cipher can be used to protect classified material). That’s not what failed here.

The difference is that systems like Signal are designed to *facilitate* communication with anyone. Classified systems are designed to *limit* communication to authorized recipients.

Both are sensible for their respective - very different - purposes.

@mattblaze

Infodump follows aimed at nobody in particular:

AES is the symmetric cipher, Signal uses ECC (on Curve25519 & derivatives: So X25519 and Ed25519) for the DR protocol, and ML-KEM as the KEM for the initial key exchange.

ECC is not quantum-safe: You can recover a private key from the public key and decrypt communication if you have a quantum computer. The protection from using a PQC (post-quantum) KEM for the initial key exchange is limited.

Additionally, Signal has a specific threat model, which can make using it insecure for a lot of use cases. For one, it is not anonymous. This means that it does not protect your identity, it only protects your messages. Aka it is fine for chatting with trusted parties, but dangerous for chatting with untrusted parties.
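The two mechanisms the post names, as an added example that is not from the original thread and not Signal's own code: a PQXDH-style hybrid combiner that feeds the classical DH outputs and the KEM shared secret into one HKDF call, followed by a Double-Ratchet-style symmetric KDF chain that turns the resulting key into per-message keys. The secrets are constructed sample bytes (no real X25519 or ML-KEM is performed), and the KDF salt and info labels are assumptions for illustration, not Signal's actual constants.

```python
import hmac
import hashlib

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_root_key(dh_secrets: list[bytes], kem_secret: bytes) -> bytes:
    """PQXDH-style combiner (layout assumed for illustration).

    All classical DH outputs and the KEM shared secret go into a single
    KDF input, so the result stays unpredictable as long as at least one
    of the inputs is unknown to an attacker.
    """
    ikm = b"".join(dh_secrets) + kem_secret
    prk = hkdf_extract(b"\x00" * HASH().digest_size, ikm)  # assumed salt
    return hkdf_expand(prk, b"example-hybrid-root", 32)    # assumed info


def chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One symmetric-ratchet step: derive a message key and the next chain key.

    Both derivations are one-way, so a later chain key does not reveal
    earlier message keys (forward secrecy within the chain); it does
    reveal every later key, which is why the DH ratchet exists.
    """
    message_key = hmac.new(chain_key, b"\x01", HASH).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", HASH).digest()
    return next_chain_key, message_key


def advance_chain(chain_key: bytes, steps: int) -> bytes:
    """Return the chain key after `steps` ratchet steps."""
    for _ in range(steps):
        chain_key, _ = chain_step(chain_key)
    return chain_key


def message_keys(chain_key: bytes, count: int) -> list[bytes]:
    """Derive the next `count` message keys from a chain key."""
    keys = []
    for _ in range(count):
        chain_key, mk = chain_step(chain_key)
        keys.append(mk)
    return keys


# Constructed sample secrets standing in for three X25519 outputs and one
# ML-KEM shared secret; deterministic so the example is reproducible.
DH_SECRETS = [hashlib.sha256(b"sample-dh-%d" % i).digest() for i in range(3)]
KEM_SECRET = hashlib.sha256(b"sample-kem").digest()


if __name__ == "__main__":
    root = hybrid_root_key(DH_SECRETS, KEM_SECRET)
    # An attacker who broke the ECC part but not the KEM still lacks one input.
    wrong = hybrid_root_key(DH_SECRETS, b"\x00" * 32)
    print("root key:", root.hex())
    print("attacker guess matches:", root == wrong)
    for i, mk in enumerate(message_keys(root, 3)):
        print(f"message key {i}:", mk.hex())
```

Running the block prints the derived root key and three message keys; the point to take from it is structural: the KEM secret is just one more input to the same KDF, and the symmetric chain only protects keys that were derived before a compromise of the current chain key.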

@ity thank you for the cryptography lesson. I am new to all this stuff.

@mattblaze thank you matt, this made me laugh out loud

@mattblaze “fediverse shitposter johnny still can’t PQ encrypt”

@glyph @mattblaze that part isn't even accurate, having PQC in the initial key exchange is sufficient in Signal's threat model at this point in time.