[Cryptography] Signal planning no support for plaintext SMS

Jerry Leichter leichter at lrw.com
Wed Nov 9 21:03:02 EST 2022 


> On Nov 9, 2022, at 7:56 PM, Shironeko <shironeko at waifu.club> wrote:
> 
> Jerry Leichter <leichter at lrw.com> writes:
> 
>> None of this is true. The iCloud backups of messages used to be cleartext a
>> while back, but are now encrypted. Keys stored in iCloud are also encrypted and
>> not accessible to Apple. (The system works so well that it fools you into
>> thinking that it’s less secure than it is. For example, when you connect a new
>> device to your iCloud account, you can download your stored keys. But before you
>> can use them you need to provide the password used to encrypt them on one of
>> your existing devices. They then get decrypted and re-encrypted using the new
>> device’s password.)
> 
> Hear it from apple’s mouth, <https://support.apple.com/en-us/HT202303> and see
> heading “Messages in iCloud”
> 
> • For Messages in iCloud, if you have iCloud Backup turned on, your backup
> • includes a copy of the key protecting your messages. This ensures you can
> • recover your messages if you lose access to your Keychain and your trusted
> • devices. When you turn off iCloud Backup, a new key is generated on your device
> • to protect future messages and isn’t stored by Apple.
Yes, it has the key - encrypted with a key derived from your password.

Note the following text a bit further down in the same document:

"iCloud Data Recovery Service
If you forget your password or device passcode, iCloud Data Recovery Service can help you decrypt your data so you can regain access to your photos, notes, documents, device backups, and more. *Data types that are protected by end-to-end encryption—such as your Keychain, Messages, Screen Time, and Health data—are not accessible via iCloud Data Recovery Service. Your device passcodes, which only you know, are required to decrypt and access them.* Only you can access this information, and only on devices where you're signed in to iCloud."

*Emphasis* added.
                                                        -- Jerry

More information about the cryptography mailing list