> Right now if you re-install Signal on your device, you lose all your messages.
Right now, if I re-install Signal on a new device, it will (hopefully) prompt me for a Signal-generated passphrase that I've stored very securely, and then allow me to restore everything, messages and address book, from a backup that I've diligently made and stored under an additional layer of encryption together with the rest of my data.
Will that facility remain available? Will the backup remain encrypted with the strong passphrase, or will any app with access to external storage be able to exfiltrate something that the Signal Foundation would be able to decrypt under the assumption that SGX is broken?
While I've so far been impressed with Signals' choices (prioritizing security but staying usable), I'm extremely disappointed with the new reliance on SGX, and forcing me into this scheme would likely get me to ditch Signal.
In particular, if I get a dialog forcing me to set a PIN, I'm out (at that point, Signal will be broken for me anyways - I'm using it to talk to very non-technical users that react to UX changes with a blank stare; they won't be able to use the app if a mandatory modal popup shows up, and flying over to teach them how to deal with it isn't exactly an option right now.)
I use Signal so I don't have to trust opaque stuff happening at a third party. From my understanding, Secure Value Recovery relies heavily on SGX, and becomes mostly equivalent to plain text (brute-forcing a short PIN) if you don't trust SGX.
Right now, if I re-install Signal on a new device, it will (hopefully) prompt me for a Signal-generated passphrase that I've stored very securely, and then allow me to restore everything, messages and address book, from a backup that I've diligently made and stored under an additional layer of encryption together with the rest of my data.
Will that facility remain available? Will the backup remain encrypted with the strong passphrase, or will any app with access to external storage be able to exfiltrate something that the Signal Foundation would be able to decrypt under the assumption that SGX is broken?
While I've so far been impressed with Signals' choices (prioritizing security but staying usable), I'm extremely disappointed with the new reliance on SGX, and forcing me into this scheme would likely get me to ditch Signal.
In particular, if I get a dialog forcing me to set a PIN, I'm out (at that point, Signal will be broken for me anyways - I'm using it to talk to very non-technical users that react to UX changes with a blank stare; they won't be able to use the app if a mandatory modal popup shows up, and flying over to teach them how to deal with it isn't exactly an option right now.)
I use Signal so I don't have to trust opaque stuff happening at a third party. From my understanding, Secure Value Recovery relies heavily on SGX, and becomes mostly equivalent to plain text (brute-forcing a short PIN) if you don't trust SGX.