Their arguments also don't make sense: they encrypt messages on Android, even though it has disk encryption as standard, but they won't encrypt messages on desktop which doesn't have disk encryption as standard!
Answered 2 comments above!
5 Matching Annotations
- Mar 2021
-
github.com github.com
-
-
Encryption is present on Signal-android because android's FDE is not usable enough, in Moxie's opinion (you can't set separate unlock and FDE pins, so people set really insecure ones). If/when android fixes this, signal-android will stop encrypting its database, too. Just like signal-desktop and signal-iOS.
Why Android is encrypted, while Desktop is not?
-
I'm locking this conversation because the conversation has clearly run its course. Any continued discussion can happen on the forums.
@scottnonnenberg annoyed, locked issue asking plain-text password.
-
-
community.signalusers.org community.signalusers.org
-
The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.
Reply by Signal-dev why the store plain-password.
-
-
www.bleepingcomputer.com www.bleepingcomputer.com
-
I think the difficult thing for everybody to understand is why the database is encrypted in the first place? Are you saying that SQLCipher just offered better features and performance than using SQLite? Can you point to any discussion or documentation of that decision-making process?
Why
sqlcipherif not done right!?
-