Attracting the Masses
Brian Acton (WhatsApp cofounder) injected $50m into the Signal Foundation, allowing them to grow from 3 to 50 full-timers.
Signal has added support for iPad, ephemeral images and video, downloadable customizable “stickers,” and emoji reactions. These features are meant to attract normal people.
HN: Signal is still lagging in essential features, e.g. processing vCards, exporting/migrating chat history. Sometimes security hampers convenience, e.g. stripping metadata from photos.
How complicated can downloadable customizable stickers be? Signal encrypts each sticker ‘pack’ with an encrypted key. The key is shared between users when a user wants to install new stickers on their phone. Signal’s server can’t identify the stickers, their creator, or their sender.
For group messaging, Signal teamed up with Microsoft Research. Signal uses anonymous credentials that let a server gatekeep group members without learning the members' identities.
Signal acknowledged the need for a non-phone-number identifier in 2014. The technical infrastructure isn’t there yet. Secure Value Recovery is being touted as a potential solution:
Secure Value Recovery
Secure Value Recovery allows users to create address books on a Signal server. The address book is encrypted with a key stored in the SGX secure enclave. The enclave is meant to hide certain data from the rest of the server’s OS.
Software Guard Extensions (SGX) is an Intel processor feature. The enclave runs code that the rest of the OS can’t alter. This code is signed with a unique key controlled by Intel. The signature can be used to verify that the code in the enclave hasn’t been tampered with.
User shares contacts with Signal. In the secure enclave, Signal compiles a list of known Signal-using contacts. Signal’s open-source server code is designed to immediately erase the address book info after processing it. Signal users can check that this code hasn’t been changed to somehow store the data instead.
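The client-side part of that check, as an added example (not Signal's code): it assumes the quote's signature has already been validated against Intel's attestation keys, then compares the enclave measurement in the quote with the one obtained from building the published source. The offsets follow Intel's SGX quote layout; `check_quote`, `build_quote` and the sample measurements are constructed for illustration.

```python
import hashlib
import hmac
import struct

# SGX quote layout: 48-byte header, then the 384-byte enclave report body.
REPORT_BODY = 48
ATTR_FLAGS = REPORT_BODY + 48   # 8-byte little-endian attribute flags
MRENCLAVE = REPORT_BODY + 64    # 32-byte measurement of the code loaded into the enclave
QUOTE_BODY_LEN = REPORT_BODY + 384
SGX_FLAGS_DEBUG = 0x2           # a debug enclave's memory is readable by the host


def check_quote(quote: bytes, expected_mrenclave: bytes) -> str:
    """Return 'ok', or the reason this enclave must not receive contacts.

    Assumption: the quote signature was verified before this call.
    """
    if len(expected_mrenclave) != 32:
        raise ValueError("MRENCLAVE is 32 bytes")
    if len(quote) < QUOTE_BODY_LEN:
        return "truncated quote"
    (flags,) = struct.unpack_from("<Q", quote, ATTR_FLAGS)
    if flags & SGX_FLAGS_DEBUG:
        return "debug enclave"
    measured = quote[MRENCLAVE:MRENCLAVE + 32]
    # Constant-time comparison of the reported and expected measurements.
    if not hmac.compare_digest(measured, expected_mrenclave):
        return "measurement mismatch"
    return "ok"


def build_quote(mrenclave: bytes, flags: int = 0x1) -> bytes:
    """Constructed, unsigned sample quote body for the demo (0x1 = initialised)."""
    quote = bytearray(QUOTE_BODY_LEN)
    struct.pack_into("<Q", quote, ATTR_FLAGS, flags)
    quote[MRENCLAVE:MRENCLAVE + 32] = mrenclave
    return bytes(quote)


# Constructed stand-ins for real measurements: the value a user derives from the
# published source, and the value of a build altered to keep the address book.
PUBLISHED = hashlib.sha256(b"published enclave build").digest()
MODIFIED = hashlib.sha256(b"build that stores contacts").digest()

if __name__ == "__main__":
    print(check_quote(build_quote(PUBLISHED), PUBLISHED))
    print(check_quote(build_quote(MODIFIED), PUBLISHED))
    print(check_quote(build_quote(PUBLISHED, flags=0x3), PUBLISHED))
```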
HN: Many cryptographers don’t believe SGX will be technologically reliable anytime soon.
Intel SGX is Vulnerable to Load Value Injection
Poison a hidden processor buffer with attacker values.
Induce a faulting or assisted load in the victim program.
The attacker’s value is transiently injected into code gadgets following the faulting load in the victim program. In this short period, an attacker can arbitrarily hijack the control and data flow.
Side channels may leave secret-dependent traces before the processor detects the mistake and rolls back all operations.