I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!

  • @lemmylommy
    918 hours ago

    There is not „your encryption key“ because there is not only one.

    The cloud backup (protected by the pin) includes the contact list, NOT your messages. Those are encrypted on device with a key that is on device and can not be recovered by anyone from the cloud.

    • @[email protected]English
      318 hours ago

      There is not „your encryption key“ because there is not only one.

      It’s close enough, its the master key from which all other keys can be derived.

      https://signal.org/blog/secure-value-recovery/

      If someone loses their phone, the stretched_key, auth_key, and c1 variables can be regenerated at any time on the client as long as the user remembers their chosen passphrase.