Skip Navigation

Signal under fire for storing encryption keys in plaintext on desktop app

stackdiary.com Signal under fire for storing encryption keys in plaintext

Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising

Signal under fire for storing encryption keys in plaintext
234

You're viewing a single thread.

234 comments
  • Whatever its stores and however it stores it doesn't matter to me: I moved its storage space to my ~/.Private encrypted directory. Same thing for my browser: I don't use a master password or rely on its encryption because I set it up so it too saves my profile in the ~/.Private directory.

    See here for more information. You can essentially secure any data saved by any app with eCryptfs - at least when you're logged out.

    Linux-only of course. In Windows... well, Windows.

    • Or ext4 encrytion. Which is overpowered. You can have different keys for different files and directories.

234 comments