And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

  • Lojcs@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Care to elaborate? You can’t just imply asymmetric encryption can be decrypted by 3rd parties and not explain how.

    Also I don’t know how exactly signal works but I know that you don’t need to share secrets externally to message someone, so how are they exchanging the symmetric keys without using asymmetric encryption to boot?

    • just_another_person@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      This is more of a “how encryption” works question, so I’ll just defer to some article response I got from Google which explains it simpler than I would:

      “When someone sends a message to a contact over an app using the Signal protocol, the app combines the temporary and permanent pairs of public and private keys for both users to create a shared secret key that’s used to encrypt and decrypt that message. Since generating this secret key requires access to the users’ private keys, it exists only on their two devices. And the Signal protocol’s system of temporary keys—which it constantly replenishes for each user—allows it to generate a new shared key after every message.”

      • Lojcs@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        That doesn’t explain why asymmetric encryption is insecure? In fact signal seems to be using two pairs of asymmetric keys to generate its symmetric secret, so it would also be prone to attack if asymmetric encryption was a flawed system.