[Cryptography] Signal planning no support for plaintext SMS

Jerry Leichter leichter at lrw.com
Thu Nov 10 07:00:45 EST 2022


> 
>> There’s no contradiction here.  It says you can recover if you’ve lost your Keychain and trusted devices *if you know your password*.
> 
> Apple controls the password since they can set/reset it, and if the key
> derivation relies on some other secrets on your devices then they will not be
> able to recover from password alone, so it is still contradictory.
Now you really are speaking nonsense.  They are outright telling you that your password is sufficient to recover your encrypted messages, so any speculation about how the key derivation "relies on other secrets" is just wrong.

As for Apple "resetting your password":  Where do you see them offering to do that?  If they did, anything encrypted based on that password would be toast.

Yes, if you back information up to iCloud, you are more vulnerable than if you leave your information only on your iPhone.  You're more vulnerable if you have your information on two phones, or your phone and a laptop, than if you have it on just one.  The question is, *how much* more vulnerable, and it's certainly not "oh, Apple can just read your messages any time they want" more vulnerable. You trade that for the ability to recover information from your backups.  Gee, the same could be said of *any* backup.
                                                        -- Jerry


