Comment on A fresh install of Signal takes up 410MB, blowing both Firefox and Chromium out of the water

<- View Parent
Natanael@slrpnk.net ⁨6⁩ ⁨months⁩ ago

I run a cryptography subreddit and it’s a term defined by professional cryptographers.

www.sectigo.com/…/perfect-forward-secrecy

link.springer.com/…/978-1-4419-5906-5_90

www.sciencedirect.com/topics/…/forward-secrecy

Literally all definitions speak of network traffic and leaked / extracted encryption keys. PFS is about using short term keys that you delete so that they can not leak later.

Backup and sync via a separate mechanism is not a PFS violation. In particular because they’re independent of that same encrypted session. It’s entirely a data retention security issue.

Matrix.org supports message log backup via the server, and does so by uploading encrypted message logs and syncing the keys between clients. You can delete the logs later, or delete your keys, or even push fake logs if you want. It’s still happening outside of the original encrypted session and the adversary can’t confirm what actually was said and

source
Sort:hotnewtop