And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

  • just_another_person@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    This is more of a “how encryption” works question, so I’ll just defer to some article response I got from Google which explains it simpler than I would:

    “When someone sends a message to a contact over an app using the Signal protocol, the app combines the temporary and permanent pairs of public and private keys for both users to create a shared secret key that’s used to encrypt and decrypt that message. Since generating this secret key requires access to the users’ private keys, it exists only on their two devices. And the Signal protocol’s system of temporary keys—which it constantly replenishes for each user—allows it to generate a new shared key after every message.”

    • Lojcs@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      That doesn’t explain why asymmetric encryption is insecure? In fact signal seems to be using two pairs of asymmetric keys to generate its symmetric secret, so it would also be prone to attack if asymmetric encryption was a flawed system.