'Trust it': Results of Signal's first formal crypto analysis are in

Encrypted SMS and voice app Signal has passed a security audit with flying colours. As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol [PDF], published by the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed and compromise- …

  1. seven of five

    Google play

    Signal would be much more cool if it would not require Google play (or its push services). Though I completely understand rolling out your own push infrastructure is no small feat. I'd gladly pay for it, though.

    1. Chris Fox

      What about Conversations?

      I won't use Signal due to its reliance on Google Play Services, which is disabled on my phone. The Conversations app seems a better choice for many reasons: it also has double-ratchet encryption with a published spec (OMEMO), as well as OTR and stream management, and complies with open standards, works on self-hosted infrastructure, and does not need Google Play service, while still having very low power requirements. The main thing that prevents Conversations being close to an ideal chat application is that many of the larger providers of XMPP-based services (e.g. Facebook) refuse to support XMPP peering, but then lack of meaningful peering is a problem faced by all chat applications except email and SMS.

  2. Anonymous Coward

    it's great

    as in "great irony" that the most secure app tries to force users to download it from google store (or whatever it's called these days), and keep whining that it absolutely MUST use google services.

    btw, I know the maker's arguments, they're valid. Still, trust and Google make a rather pathetic couple.

    1. John Robson Silver badge

      Re: it's great

      If you're happy with the system running on a fully adversarial network then it can run through anyone's tech.

      It potentially allows google to cut the wire - but that can't be done secretly.

      The authors can verify that the app they get from the store is the same as the one they put there...

      1. Anonymous Coward

        Re: it's great

        Google is the reason I don't run Signal. If you have to cough up your details to them to obtain the app it nullifies the whole point for me. I don't want and will not have a Google account. Sure they are probably going to harvest my data anyway -I know when I'm outgunned- but it's going to be without my consent and without my help; even if I have to do things the hard way.

  3. Joe Harrison

    Complexity is the enemy

    The review implies that the app's internals with its mutating keys and so on are just too hard to understand. This doesn't sound good to me because effective crypto is already (as far as we know) a solved problem even using relatively simple algorithms and key material. Somebody understands how this app works and what's to stop them putting in their own unfindable backdoor?

  4. Martin Jones

    You mean apart from the fact that the code is published publicly for anyone to check for backdoors for themselves?

    https://github.com/WhisperSystems/Signal-Android

    1. Anonymous Coward

      Check for backdoors yourself: How many are competent to check and how many of those actually would?

      1. Robert Helpmann??
        Childcatcher

        Check for backdoors yourself

        There are a growing number of people who make their living from finding flaws in software and reporting them to the app owners. Establishing a bounty on this would attract these folks and the job would get done. This is a problem that has already been solved.

        1. Anonymous Coward

          Re: Check for backdoors yourself

          There's almost no overlap among people finding security holes in software and finding flaws in an encryption scheme. The fact that Signal does its own thing and has no documentation means that almost no one qualified will be looking. Even these guys essentially punted on the question, since they didn't do an in-depth analysis.

          But if terrorists are using it, you can be sure the NSA has people doing such a deep dive, and if they find flaws they aren't going to tell anyone about them.

  5. Jess

    Is this app any good?

    Is it independent of a smartphone?

    Are there apps for Mac (10.6+), Windows and Linux?

    Is there a pidgin plugin?

    Otherwise I think it's stick to ICQ and Telegram.

    1. Anonymous Coward

      Re: Is this app any good?

      Good questions. Downvoters: GFY.

      These are the salient facts (source: wikipedia)

      - E2E-encrypted one-to-one and group chat

      - via central servers run by Open Whisper Systems

      - smartphone (Android or iOS) required for signup

      - phone number required for signup verification (need not be associated with the phone)

      - "desktop" app available as a Chrome extension, currently preview release, does not support signup

      Certainly has its limitations but sounds like a decent alternative to non-E2E chat apps like Slack, Google, Facebook, Whatsapp.

  6. Arthur the cat Silver badge

    Yes but

    There are some worrying aspects about Signal. Firstly "Signal employs a novel and unstudied design" is the sort of thing that normally causes cryptographers' eyebrows to be raised, but given the pedigree of the originators that's mitigated somewhat. However, there are other concerns, such as Google's necessary involvement, that worry people. This is a good summary of the possible problems: "Why I won’t recommend Signal anymore".

    Like all things, it's up to potential users to evaluate it in light of their particular requirements, rather than simply labelling it good/bad.

    1. Adam 1

      Re: Yes but

      The two statements that concern me about this research are:

      1. Signal employs a novel and unstudied design, involving over ten different types of keys and a complex update process which leads to various chains of related keys

      Novelty is not a positive feature. It doesn't necessarily mean it's negative (all designs were at some point in human history considered novel in this sense) but anything that makes it harder to study is just security through obscurity. In the same way obscurity doesn't mean insecure, but the obscurity may mask some actual flaws from the whitehats/design reviewers so the security ends up compromised.

      That leads to

      2. the protocol is not substantially documented beyond its source code

      Given the supposed advantage of the novel design, the design itself should be well documented at a high level so that inherent design flaws can be effectively studied. Not the implementation itself (though implementation bugs also need to be checked) but the interaction between the parties with data/keys/RNG etc for inherent attack vectors.

  7. Anonymous Coward

    Signal?

    Those who know the "developer" behind it won't touch it with a six-foot pole.

    I wouldn't normally criticise people anonymously, but the guy is full of hot air, his only real skill being knowing how to play the media for hype. On the other hand his technical incompetence is legendary, as when an early version of this signal application was just leaking all the stuff in plain text through the system logs or when he set up his "Google anonymiser" that he controlled, with no proof whatsoever that he wasn't himself doing the sort of snooping he accused Google of, and got cut off by his ISP for providing fake WHOIS details. And as has been pointed out above repeatedly, this supposed "privacy" application requires Google services so that it can collect usage stats, as mentioned by the "developer" in one of the discussions as to why he won't allow it to be distributed on F-Droid.

    Lastly:

    They conclude that it is impossible to say if Signal meets its goals, as there are none stated

    Truly professional engineering, eh? Good thing the guy did not decide to take up aeronautics for a career.

    Really, he should just go and become a PR consultant which is what he's indisputably good at.

    1. Anonymous Coward

      Re: Signal?

      Your statement is unsupported by evidence:

      this supposed "privacy" application requires Google services so that it can collect usage stats, as mentioned by the "developer" in one of the discussions as to why he won't allow it to be distributed on F-Droid.

      The reasons for the developer (not a "developer", as this would be somebody who pretends to be a developer, but isn't) for not allowing his app to be distributed on F-Droid were quite different to what you're trying to make them to be. I don't remember exactly what he said, but his objections were that given the real world situation, he'd rather go with one (untrustworthy from the point of privacy) platform, i.e. google, than let his app be exposed to numerous, and harder to track vectors of attack if it were to be distributed via F-Droid. I can't comment on the actual operation of the app, which relies on google services.

      Nevertheless, one can still question the whole point of making a privacy app - and letting it run on the back of the most blatant violator of privacy in modern days.

      1. Anonymous Coward

        Re: Signal?

        > The reasons for the developer (not a "developer", as this would be somebody who pretends to be a developer, but isn't)

        Precisely, hence the quote marks. Didn't want to offend any developers (you know, the sort that actually define goals and set out requirements, for example?) by associating this guy with them.

        > I don't remember exactly what he said, but his objections were that given the real world situation, he'd rather go with one (untrustworthy from the point of privacy) platform, i.e. google, than let his app be exposed to numerous, and harder to track vectors of attack if it were to be distributed via F-Droid.

        Yes, he did say that as well (as I recall, either in the F-Droid forums or in a Github ticket). It was pointed out to him at some point that for his reasoning to work, one would have to trust *him* as well as Google, for while source code is available (but not open source, given that he threw his toys out of the pram when this was added to F-Droid), there is zero assurance that the code on Github is exactly where the binaries come from.

        > Nevertheless, one can still question the whole point of making a privacy app - and letting it run on the back of the most blatant violator of privacy in modern days.

        Indeed, strange that this guy no longer seems to harbour those same concerns about Google's privacy policies that he supposedly had back in the day when he set up that proxy thing that I mentioned above.

        In short, through his lack of engineering qualifications and skill this guy is actively dangerous when it comes to user privacy and online security, and given his penchant for manipulating the tech media, I wouldn't say he's exactly well intentioned either. We need proper researchers, not media divas.

        Use any of his stuff, if you must, at your own peril.

  8. get off

    Which one should I use!!

    Hell, I've got them all on my tablets (Signal, Silence, Telegram and yes LINE).

    Not registered with all of them but I no longer have any idea which one to use anymore.

    At least LINE (Spin off from Jap Gov+Post Office/Disaster department. Open Source. don't believe so. Encrypted yes. Non EU/US though) I believe is cross device. Txt, vid and voice plus it has insane emoticons.

    'Silence' I believe is SMS only but friends are on X I'm on Y. So it's a mind boggle.....

    If anybody wants to spoon feed me, as to which one I 'should' be using then I'm happy to learn.

    1. anon9045839452

      Re: Which one should I use!! -NONE-

      I can't believe no one has recommended CHATSECURE yet!

      -Open Source

      -Runs on Android, iOS; (download from apple app store, F-Droid, Google Play, guardian project website and source code on github)

      -awesome OTR protocol that has deniability with no digital signatures and perfect forward secrecy with strong 256 bit AES encryption

      -Uses xmpp protocol so you can use one of any of the many public or private xmpp servers, or use Facebook's or Google's servers to communicate, or use your own xmpp server

      -compatible with other platforms that use xmpp and OTR such as pidgin (when plugin has been added), tor messenger, adium, Jitsi as well as others

      -SUPPORTS TOR!

      -SQLCipher for securing local device

      It kinda kicks more ass on android than it does on iOS cuz it doesn't stay well connected to the other user compared to how awesome it works on android. Also I find the iOS device doesn't work with the built in tor feature. The Tor feature is buggy on iOS when connected to an android instance using tor.... but droid to droid both using tor seem to work great

      Its cross platform compatibility means that a PC or Mac user (or someone using a desktop *nix distro) can easily talk to someone using chatsecure by using tormessenger or pidgin with otr installed.

      I don't use signal because I can't seem to install it on my ipod touch and iphone as it needs a newer version of iOS. I also don't think I trust it now that I have read some of the other comments in this thread. The dev of signal doesn't inspire confidence in the implementation of the crypto and a lot does appear to be media hype in the last few months.

      The voice features that signal has are cool - as are other features it has. Chat secure has a "walkie talkie" kind of voice chat feature, even though it doesn't explicitly advertise this. I'm not sure how chat secure secures the audio, but signal uses zrtp which is cool.

      I also don't particularly like that you can't choose where your data is routed with signal - it only supports using their servers. Open Whisper Systems does not open source the server side of the signal service.

      Signal's centralized servers also store all public keys, provide key exchange, and hold the contact lists for its user base. I don't like this

      At least with chat secure you can choose what servers you'd like to use. Signal apparently has servers in 10 countries to help handle its loads with the user having no control over what countries (and thus, jurisdictions) you end up mingling with.

      With chatsecure you can allow only a connection through a public or private and optionally password protected and SSL encrypted xmpp server in whatever jurisdiction that you deem to be the most secure in your particular situation and both clients can be using tor if you want.

      If you don't find a server you trust, then you can even set up an xmpp server yourself using the software of your choosing, hardening the communication and server to your own level of comfort and necessity you think you might need. Even set it up and password protect it, authenticate connecting users, wrap all communication in an extra layer of encryption and use a VPN in a country with a language barrier and with no jurisdiction, extradition treaty and on another continent than the country you are in. All running on top of a tor hidden service. Signal users can't do that

      Oh, and chatsecure allows you to create a one-time 'burner' user account if you think it might be necessary to use an account only once to communicate with some one

      Chat secure also had a half brother at one point called textsecure. They were almost twins at the time, but textsecure allowed OTR over SMS... something that is no longer supported since signal took over the unofficial fork. too bad... OTR over SMS would be super handy to some people in some countries that don't have data and only have SMS....

      Redphone is now Signal. This kind of sucks too because it worked on older versions of iOS and now some of my friends who have older apple hardware can no longer get redphone. Signal's compatibility with only newer iOS versions has actually made it so LESS people can chat securely via SMS/textsecure and Redphone no longer being hosted by the appstore or google play - if you want it on an older version of iOS then too bad.

      Tinfoil hat says that it's a conspiracy to slowly make it harder for more devices to be compatible with strong encryption - but more likely it's just the app developers not even contemplating the effects of ignoring back compatibility with older OS software/hardware and its effect on the masses of non-techie users' abilities to safely use strong crypto to protect their privacy

      I'm not saying OWS or signal or the devs of signal are bad, or are short sighted or are evil privacy hating NSA spooks... but if you want to donate to a secure app, support chatsecure. It's better in almost every way

      https://chatsecure.org/

      https://twitter.com/chatsecure

      https://github.com/ChatSecure

      https://www.facebook.com/chatsecure

      https://itunes.apple.com/us/app/chatsecure

      https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im

      you can donate to chatsecure here: https://www.coinbase.com/checkouts/1cf35f00d722205726f50b940786c413
