Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's a cryptographically well-audited replacement to iMessage, Skype, and traditional telephony, all of which leave room for governmental and malicious meddling.


It's not really a replacement, more of a secure alternative. Ideally it would be possible to totally replace iMessage with Signal allowing non-secure messages from legacy contacts. However, even if the team were so inclined Apple does not provide adequate messaging APIs. For example, there is no way to intercept an SMS message, see message history, etc.


TBH I think keeping SMS separate from an ip based communications method is better. Lets not pretend that SMS is secure. The only thing I would find missing are quick reply APIs.


How are IP and SMS traffic different, other than "packet" size and encoding constraints? Both are easily interceptable and spoofable, necessitating strong crypto.

I don't see how chacha20/poly1305 is somehow "worse" over SMS.


The difference is mostly that in case of SMS, metadata leaks to carriers. In case of Signal/TextSecure/RedPhone, some limited metadata leaks to Google Cloud Messaging and Apple's equivalent platform (I can't remember the name). That's necessary because of scaling problems with push messages, but I understand there is work going on to develop a self contained alternative using WebSockets.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: