[Cryptography] Signal planning no support for plaintext SMS

Jerry Leichter leichter at lrw.com
Thu Nov 10 17:01:32 EST 2022

>> Now you really are speaking nonsense. They are outright telling you that your
>> password is sufficient to recover your encrypted messages, so any speculation
>> about how the key derivation “relies on other secrets” is just wrong.
> I should have phrased it as “if A then contradiction, or if B then also
> contradiction” rather than just an “and if”
Let's try this again.  The document you pointed to is quite clear:  There are two classes of data, end-to-end encrypted (E2EE) and not.  The end-to-end encrypted data is just that, and is by design not accessible to Apple.  Decrypting it requires either knowledge of the password, or access to a device that's logged into the account.  The non-E2EE stuff is ... not protected in this way.

The contents of the two classes have changed over the years.  At one time, pretty much the only thing in the E2EE class was keychains.  Today, there's a longer list, which explicitly includes messages (which is a fairly recent addition).  It does not include things like your photo library, for example.

>> As for Apple “reseting your password”:  Where do you see them offering to do that?  If they did, anything encrypted based on that password would be toast.
> <https://support.apple.com/en-us/HT201487>
That lets you regain access *to your account*.  I believe you'll find it does not give you access to E2EE data stored in iCloud.  To do that, the key encryption key for the E2EE data would have to be modified to match the new password.  Doing that requires the ability to decrypt the key encryption key, which requires either the old password or equivalent (token from a logged in device).

Your iCloud account and each of your individual devices have independent passwords/tokens.  They are tied together through iCloud in complicated ways, but they are not interchangeable.  People do lose their phones, forget their passwords, and so on, and they want a way to recover.  Recovery is, of course, always at odds with security:  If I can recover even having lost *everything*, obviously someone can impersonate me and "recover" what they shouldn't be able to access.  Apple's approach provides you with the ability to recover from any device you own (obviously, they'd love you to buy a bunch of them!), from a memorized password, from a recovery key (which is essentially equivalent to another password).  These recovery approaches - which all require information *you* control - give you everything back.  The ultimate fallback is based on human interaction to prove you are the person on the account, which gives you access to most things but not all - you lose the E2EE stuff.  At least that's what everything I see in the documentation, and in descriptions of the implementation I've seen, implies.  I could be wrong, but just *saying* I'm wrong proves nothing.
                                                        -- Jerry
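
The re-wrapping argument above, as an added example that is not part of the original post and is not Apple's implementation: a simplified model in which a random data key is wrapped under a password-derived key-encryption key. All function names are hypothetical, and the XOR/HMAC wrap is a stand-in for a real key-wrap primitive.

```python
import hashlib
import hmac
import os

def _kek(password: str, salt: bytes) -> bytes:
    # Password-derived key-encryption key (KEK); iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(data_key: bytes, password: str) -> dict:
    # Wrap a 32-byte data key under a KEK derived from the password.
    salt = os.urandom(16)
    kek = _kek(password, salt)
    # Toy wrap: XOR with an HMAC-derived pad plus an integrity tag.
    # Assumption: stands in for AES key wrap or an AEAD; not for production.
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    # Recover the data key; fails unless the password matches the wrap.
    kek = _kek(password, blob["salt"])
    tag = hmac.new(kek, b"tag" + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password: cannot unwrap data key")
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def change_password(blob: dict, old: str, new: str) -> dict:
    # Re-wrapping needs the old password (or an equivalent secret)
    # to recover the data key before wrapping it under the new one.
    return wrap(unwrap(blob, old), new)

def account_reset_keeps_e2ee(blob: dict, new_password: str) -> bool:
    # Provider-side reset: only the new password exists, never the old,
    # so the stored wrapped key stays opaque and the E2EE data is lost.
    try:
        unwrap(blob, new_password)
        return True
    except ValueError:
        return False
```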
