←back to thread

Signal Secure Backups

(signal.org)
988 points keyboardJones | 1 comments | 08 Sep 25 16:43 UTC | HN request time: 0s | source
Show context
codethief ◴[08 Sep 25 23:15 UTC] No.45175387[source]
Hi @greysonp

> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.

So IIUC backups will not be incremental and I will have to re-upload my 15 GB backup archive every day? Why is that? What's the security risk here? (Obviously I'm not suggesting encrypting & uploading each message & media file individually but splitting things up into same-sized chunks, like e.g. borgbackup does.)

> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. This key is different from your Signal PIN, which serves different purposes.

Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?

replies(5): >>45175398 #>>45175402 #>>45175488 #>>45175493 #>>45176074 #
elvisloops ◴[08 Sep 25 23:30 UTC] No.45175493[source]
Giving people a 64-character key also feels uncharacteristically crude for Signal. It's not realistic to hand people 64 characters and tell them to “store this securely.” Most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.

That's less of a problem when the backups are local, because access to the local backups implies access to the device, but if the backups are in the cloud with no forward secrecy, this seems like a huge security backslide for Signal.

replies(1): >>45175736 #
codethief ◴[09 Sep 25 00:03 UTC] No.45175736[source]
I get your point but is a large set of dictionary words or 5-digit numbers (see the current backup passphrase) so much better? At the end of the day, recording entropy will always be cumbersome and there is no way around it.

> Most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.

At least on Android apps can disable screenshots, though, which might be a simple way to deter people from doing that?

replies(2): >>45176140 #>>45176453 #
dlgeek ◴[09 Sep 25 00:59 UTC] No.45176140[source]
I think a large set of dictionary words are likely more user friendly. I think most people will have a lot more confidence on their ability to transcribe words to/from paper more accurately than a bunch of numbers - better built in error correction, etc.
replies(1): >>45177048 #
1. itake ◴[09 Sep 25 03:26 UTC] No.45177048{3}[source]
Sanely formed numbers (like 4 digit groups with a checksum) seems like less writing to me, b/c I hate my hand writing.