[Cryptography] Signal planning no support for plaintext SMS

Ralf Senderek crypto at senderek.ie
Wed Nov 9 07:56:12 EST 2022

On Tue, 8 Nov 2022, Jerry Leichter wrote:

> iMessage most definitely "doesn't suck."  It's highly usable, and is used by hundreds
> of millions, if not billions, of people - who need make no special effort to use it in
> a secure way.

Apple certainly does a few things right. They encrypt messages to every device the recipient
uses individually. But they use AES with a 128-bit key in counter mode, which is fundamentally
brittle and surely the worst choice. The authentication of all those keys used is based on
public encryption and signing keys that are provided via Apple's Identity Service (IDS).
So all Apple users rely on a closed, company-run PKI for the authentication of their peers.
Not a good idea. (See https://support.apple.com/de-de/guide/security/sec70e68c949/web; I could
not find the English version, sorry.)

The problem with Apple's iMessages starts when users don't actively disable the iCloud
backups, because a copy of the key which encrypts the backup is available to Apple and
so all iMessages *can* be recovered by Apple. Of course they would never do it.


My conclusion is that any messaging app that uses cloud services should be eliminated from
our list of secure messaging apps.

> (In fact, I would contend that any system that requires the user to
> specifically pay attention to the system's security is forever going to be restricted
> to a small subset of potential users.)

The iCloud problem clearly shows that even Apple users need to worry about their
system's security in order not to be fooled by default settings in iOS.

> As for "secure":  The published information describes a very secure system.
> How secure the *implementation* is ... is of course hard to tell.

It's impossible to tell as long as there is no code to be checked.

