undefined | Better HN

0 pointsdan-robertson5y ago0 comments

To add to this: the point of the disappearing messages in signal is to enhance the value of the forward secrecy by not having the record of the messages (so long as both devices are using correct clients and no one is screenshotting messages.

The other feature is deniability: having an encrypted message and it’s decryption doesn’t give you any more information than a screenshot of the message in signal. There isn’t a way for the encrypted message to prove that it was legitimate as the previous keys are revealed in a way that means anyone sniffing the traffic could make a message encrypted with that key.

0 comments

3 comments · 1 top-level

h_anna_h5y ago· 2 in thread

Afaik, the messages should be deniable as long as they are not signed, not sure how delta chat handles it though. Regarding deniability I personally would consider it as an anti-feature because the one receiving the message can't prove to the wider world that they received it from a certain person and similarly someone who is falsely accused of posting a certain message can't go and say "show the signatures of the messages or you are lying".

By the way, do you know if the one receiving the messages can force messages that are marked as "disappearing" to be kept?

dan-robertsonOP5y ago

It is true that messages would be deniable if they weren’t authenticated. The design of signal’s protocol is such that messages are authenticated but deniable: it is possible for the recipient to determine that the message was genuine (the information you want to send) but it is not possible for a third party to prove that a message was authentic (the information you don’t want to leak).

See also, this article about doing the same for email: https://blog.cryptographyengineering.com/2020/11/16/ok-googl...

h_anna_h5y ago

> The design of signal’s protocol is such that messages are authenticated but deniable: it is possible for the recipient to determine that the message was genuine

Via the use of MACs, yes. I never said otherwise. What I said before still holds, as the recipient you can't prove to others that you indeed received a message by a certain someone rather than forged it yourself to incriminate them.

> See also, this article about doing the same for email: https://blog.cryptographyengineering.com/2020/11/16/ok-googl...

The "Marisa" person in the comments is a friend of mine from IRC and I agree 100% with what she said.

j / k navigate · click thread line to collapse