Signal Secure Backups

(signal.org)

988 points keyboardJones | 1 comments | 08 Sep 25 16:43 UTC | HN request time: 0.211s | source

Show context

codethief ◴[08 Sep 25 23:15 UTC] No.45175387[source]▶

Hi @greysonp

> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.

So IIUC backups will not be incremental and I will have to re-upload my 15 GB backup archive every day? Why is that? What's the security risk here? (Obviously I'm not suggesting encrypting & uploading each message & media file individually but splitting things up into same-sized chunks, like e.g. borgbackup does.)

> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. This key is different from your Signal PIN, which serves different purposes.

Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?

replies(5): >>45175398 #>>45175402 #>>45175488 #>>45175493 #>>45176074 #

EGreg ◴[08 Sep 25 23:17 UTC] No.45175398[source]▶

>>45175387 #

The PIN is a lot easier to guess on a remote machine storing a backup, the space is small. In the context of your device, they can throttle it.

replies(1): >>45175459 #

1. codethief ◴[08 Sep 25 23:26 UTC] No.45175459[source]▶

>>45175398 #

Ah yes, the Signal PIN is backed by Intel SGX to ensure it can't be hacked even if the user has not provided enough entropy. However, why not simply rule out the low-entropy case altogether and use that randomly generated 64-character key throughout? That way, we also wouldn't have to trust Intel SGX… (which I think we shouldn't)

↑