Aside from needing a passkey/passphrase every time you open Signal, what would be the solution? If the user can read the unencrypted messages, then so can malware running as the user.
Heck, even if you required some sort of authentication to open the messages, malware could just capture that.
It’s the same problem with browser credential stealing, you can grab all the cookies from an authenticated browser session and copy it to a new system.
Really, the biggest issue is that Signal doesn’t detect multiple instances running of the same session, but that’s also extremely difficult to do without malware being able to work around it.
Not saying there’s no solution here, but there is not a simple solution aside from trusting your computer and cancelling sessions if you suspect someone compromised your system (or just not using a desktop app.)
This means that while a keylogger might require admin access to install, any app or script with sufficient permissions could access these plaintext keys.
Malware to capture input would require privilege escalation as well, whereas this just requires being able to run code/copy files.
there is not a simple solution
But there are:
use the system keyring
store unencrypted key in memory in a background process (I.e. DIY keyring)
Essentially, force malware to either copy keystrokes or memory, both of which require admin privileges on most systems.
On Macs, there is a ‘keychain’ where certificates and passwords are stored encrypted, and there are OS-level controls on access – either an OS prompt for a password, or biometric authentication.
My point was that apart from the Macs, there is no single system keychain Signal could use. What they do is perfectly normal and expected on a desktop OS.
Agreed. If your system is compromised you have other issues and ultimately that falls on you. And on Linux you could very well set permissions yourself for those directories.
Aside from needing a passkey/passphrase every time you open Signal, what would be the solution? If the user can read the unencrypted messages, then so can malware running as the user.
Heck, even if you required some sort of authentication to open the messages, malware could just capture that.
It’s the same problem with browser credential stealing, you can grab all the cookies from an authenticated browser session and copy it to a new system.
Really, the biggest issue is that Signal doesn’t detect multiple instances running of the same session, but that’s also extremely difficult to do without malware being able to work around it.
Not saying there’s no solution here, but there is not a simple solution aside from trusting your computer and cancelling sessions if you suspect someone compromised your system (or just not using a desktop app.)
From the article:
Malware to capture input would require privilege escalation as well, whereas this just requires being able to run code/copy files.
But there are:
Essentially, force malware to either copy keystrokes or memory, both of which require admin privileges on most systems.
Storing the encryption keys in the Credentials Manager (Windows) or the Keychain (macOS, Linux) would be a better choice than a plaintext file.
And using Bitlocker / VeraCrypt / Filevault / LUKS will at least protect the data at rest.
But as you said, it’s game over if the machine is compromised.
It’s right there in the article. Local keychain.
What keychain exactly?
On Macs, there is a ‘keychain’ where certificates and passwords are stored encrypted, and there are OS-level controls on access – either an OS prompt for a password, or biometric authentication.
My point was that apart from the Macs, there is no single system keychain Signal could use. What they do is perfectly normal and expected on a desktop OS.
Agreed. If your system is compromised you have other issues and ultimately that falls on you. And on Linux you could very well set permissions yourself for those directories.