(signal.org)

988 points keyboardJones | 4 comments | 08 Sep 25 16:43 UTC | HN request time: 0.001s | source

Show context

upofadown ◴[09 Sep 25 11:44 UTC] No.45180609[source]▶

The key is 64 characters? Even if that key is made out of decimal digits that works out to 212 bits. That seems quite excessive for a symmetrical key you are hoping to have a user deal with directly. It appears that the usability of this scheme could be significantly improved by simply using a shorter key.

replies(1): >>45180690 #

1. growse ◴[09 Sep 25 11:54 UTC] No.45180690[source]▶

>>45180609 #

What's the specific use case that benefits from a shorter key?

The only interaction I can ever see having with this key is putting it into and taking it out of my password manager....

replies(1): >>45180923 #

2. upofadown ◴[09 Sep 25 12:18 UTC] No.45180923[source]▶

>>45180690 (TP) #

The article specifically suggests writing the key down in a notebook. A single incorrect digit and the scheme fails much later in a way catastrophic to the user.

replies(1): >>45182643 #

3. whyever ◴[09 Sep 25 14:44 UTC] No.45182643[source]▶

>>45180923 #

Signal asks you to repeat the key immediately before even enabling backups. It cannot fail much later unless you modify the digit after the check.

replies(1): >>45183835 #

4. upofadown ◴[09 Sep 25 15:56 UTC] No.45183835{3}[source]▶

>>45182643 #

A longer key makes typing a bunch of characters back into the phone much less usable.

↑

Signal Secure Backups