What other type of encryption would you use for state secrets? You seem to be implying that governments and three-letter agencies use some vastly superior cryptographic scheme, whereas AFAIK Signal is as close to the state of the art as it gets.
Also, to be clear, Signal doesn't use public-key cryptography in the naive way (i.e. to encrypt/decrypt messages) as was/is possible with RSA. It uses asymmetric key pairs to first do a Diffie-Hellman key exchange, i.e. generate ephemeral symmetric keys, which are then used for encryption/decryption. This then also guarantees forward secrecy, see https://signal.org/blog/asynchronous-security/ . (Add to that they incorporate an additional post-quantum cryptographic scheme these days, and I'm probably omitting a lot of other details.)
> Signal is as close to the state of the art as it gets.
For their use case, which requires communication between two (or more) arbitrary users who never communicated before among millions of users, running on cheap commodity hardware over wireless connectivity to the internet.
Leaving encryption aside, looking only at the network level, the DoD is capable of using a dedicated fiber line. Or rather a parallel fiber infrastructure.
The issue isn't the encryption. It's the insecure device it's running on. Nobody has to waste time cracking Signal if they have backdoored one of the computers at the endpoints. The US government categorically doesn't use unapproved hardware for secure communications. This is something the Secretary of Defense is supposed to know about.
Poking around it seems like pre-shared keys are used for the secure stuff, so no public keys, no RSA. It isn't that Signal isn't state of the art, it just makes compromises for usability.
Edit: I didn't state something perhaps I should have. Symmetric key is considered more secure because public key is more complicated, so more room for side-channel mistakes, and the computation needed to break public keys doesn't scale as fast with key size. I am not an expert but that is what I've read.
But that's not what would make Signal "weaker" than other solutions. It's a myth that there is some kind of "military grade" encryption and that Signal only reaches some kind of "amateur level" that's inferior to that. Anybody with any kind of crypto background knows this very well. (With "crypto" in the traditional pre-bitcoin sense.)
That the encrypted traffic is available to third parties is exactly what makes Signal weaker than the other solutions the government uses.
Note that this is what we are discussing in the above messages, not the "strength" of Signal's encryption. I get that it is largely hypothetical risk, but it's a real difference.
I believe much of the secret government communications are accomplished using layered secret encryption algorithms. Many of these are symmetric and have physical key loading accomplished by a guy with a gun.
Not sure why you're getting downvoted; I do think you're bringing up a valid point against my original comment: DH is susceptible to Shor's algorithm, too. That being said, the question is how long is it going to take to break a single DH key once we have adequate quantum computers? If it's in the order of, say, a couple months to a year, a ratchet algorithm will still protect privacy in the grand scheme of things, as it won't be feasible to decrypt more than a couple select messages per computer per year. Sure, quantum computers might improve, get cheaper and everything, but on what timescale? It's not unlikely that that'll take many years, and by that time no one might care about your private messages of today anymore, and we might have established a new set of cryptographic schemes that are quantum-resistant.
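The mechanism described two comments up (asymmetric key pairs used only for a Diffie-Hellman agreement, symmetric keys derived from the shared secret, then a one-way KDF chain so that a later key compromise does not expose earlier messages, which is the "ratchet" the reply above leans on) as an added example. This is not Signal's code or anything posted in this thread. It is pure standard-library Python: the X25519 ladder follows RFC 7748, the HKDF follows RFC 5869. The `seal`/`unseal` cipher is an assumed stand-in built from HMAC so the example runs offline; it is not a real AEAD, and a production implementation would use AES-GCM or ChaCha20-Poly1305 together with the full Double Ratchet (fresh DH steps per round trip), which this omits.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19                      # Curve25519 field prime
A24 = 121665                         # (486662 - 2) / 4
BASEPOINT = (9).to_bytes(32, "little")


def _cswap(swap, a, b):
    """Conditional swap of two ints; swap is 0 or 1."""
    mask = -swap                     # 0 or -1 (all ones)
    d = mask & (a ^ b)
    return a ^ d, b ^ d


def x25519(scalar, u):
    """RFC 7748 Montgomery ladder: scalar multiplication on Curve25519."""
    k = int.from_bytes(scalar, "little")
    k = (k & ~7 & ((1 << 255) - 1)) | (1 << 254)          # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Fresh ephemeral key pair; the private half lives only for one session."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)


def hkdf(ikm, info, length=32, salt=b"\x00" * 32):
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]


def chain_step(chain_key):
    """One-way KDF chain step -> (next_chain_key, message_key).
    Holding next_chain_key does not let you recover chain_key or message_key."""
    return (hmac.new(chain_key, b"\x02", hashlib.sha256).digest(),
            hmac.new(chain_key, b"\x01", hashlib.sha256).digest())


def _keystream(enc_key, nonce, n):
    out = b""
    while len(out) < n:
        out += hmac.new(enc_key, nonce + len(out).to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(message_key, counter, plaintext):
    """Demo encrypt-then-MAC (assumption: stand-in for a real AEAD, not for production)."""
    enc_key, mac_key = hkdf(message_key, b"enc"), hkdf(message_key, b"mac")
    nonce = counter.to_bytes(8, "big")
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(message_key, counter, blob):
    ct, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = hkdf(message_key, b"enc"), hkdf(message_key, b"mac")
    nonce = counter.to_bytes(8, "big")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def run_session(messages):
    """Ephemeral DH -> HKDF root key -> one message key per message from a KDF chain."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    root_a = hkdf(x25519(a_priv, b_pub), b"session-root")
    root_b = hkdf(x25519(b_priv, a_pub), b"session-root")
    assert root_a == root_b              # both sides agree without ever sending a secret
    del a_priv, b_priv                   # DH secrets are discarded: nothing to seize later
    ck_send, ck_recv, wire, received = root_a, root_b, [], []
    for n, msg in enumerate(messages):
        ck_send, mk = chain_step(ck_send)    # sender ratchets forward
        wire.append(seal(mk, n, msg))
        del mk                               # message key used once, then forgotten
    for n, blob in enumerate(wire):
        ck_recv, mk = chain_step(ck_recv)    # receiver ratchets in lockstep
        received.append(unseal(mk, n, blob))
    # Attacker model: the *current* chain key is stolen after the session ends.
    return {"received": received, "wire": wire, "stolen_chain_key": ck_send}


def can_open_with_later_chain_key(later_ck, wire):
    """Derive keys from a stolen later chain key and try them on the recorded traffic."""
    ck = later_ck
    for n, blob in enumerate(wire):
        ck, mk = chain_step(ck)
        try:
            unseal(mk, n, blob)
            return True
        except ValueError:
            continue
    return False
```

The property worth noticing is in `run_session`: after the two `del` statements nothing in memory can reproduce the message keys, and `can_open_with_later_chain_key` returns `False` because the chain only runs forward. What this example does not give you is protection of future messages after a compromise (that is what the DH ratchet adds) or any resistance to Shor's algorithm, which is exactly why Signal layered a post-quantum KEM on top of the X25519 handshake.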
It gets exponentially difficult to add more qubits, so it's not a given that we will be able to build one large enough to be a real threat to modern cryptography.
Came here to say similar. GGP is another great example of HN people jumping in to make comments without having even a basic understanding of what they're talking about. Frustrating, as it spreads misinfo about security, which is the last thing we need.
You're in a comment section where people are flipping out that there exists a computer on his desk that isn't connected to any DoD network but is connected to the public internet.
Approximately 30,000 people go to work in the Pentagon every day. There are areas in the building that are SCIFs and they don't allow cell phones and laptops. But the majority of the building is an office building used for office building type stuff. Employees and contractors bring their personal cellphones and mobile devices in there every day.