[Cryptography] Signal planning no support for plaintext SMS

Natanael natanael.l at gmail.com
Thu Nov 10 15:45:26 EST 2022

Den tors 10 nov. 2022 20:25Shironeko <shironeko at waifu.club> skrev:

> Jerry Leichter <leichter at lrw.com> writes:
> > Now you really are speaking nonsense. They are outright telling you that
> your
> > password is sufficient to recover your encrypt messages, so any
> speculation
> > about how the key derivation “relies on other secrets” is just wrong.
> I should have phrased it as “if A then contradiction, or if B then also
> contradiction” rather than just an “and if”
> > As for Apple “reseting your password”:  Where do you see them offering
> to do that?  If they did, anything encrypted based on that password would
> be toast.
> <https://support.apple.com/en-us/HT201487>

Nothing of substance has changed since this was posted;



"According to data forensics company ElcomSoft, iCloud backups are
"inherently much less secure" than users would hope.

"If you have iCloud backups enabled, the encryption key for iMessages will
be stored in the backup," the company says in a blog.

"If the "Messages in iCloud" option is enabled, the messages themselves are
NOT included in iCloud backups," it continues. "The encryption key,
however, will be included and accessible by Apple (like the rest of the
iCloud backup) and so available to the law enforcement."

Apple appears to confirm this in its support documentation about Apple
Platform Security.

"If the user has enabled iCloud Backup, the CloudKit Service Key used for
the Messages in iCloud container is backed up to iCloud to allow the user
to recover their messages even if they have lost access to iCloud Keychain
and their trusted devices," it says."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20221110/45979dd1/attachment.htm>

More information about the cryptography mailing list