Hacker Newsnew | past | comments | ask | show | jobs | submit | goupillon's commentslogin

If the keys are generated on the device, they can't be trusted by Signal since any clone could generate them too. If the keys are generated by Signal and sent to the device, they can be intercepted and used in any clone


Thanks. Signal could use unique public keys for each valid client. It could be intercepted and used for DoS against the valid client's Signal service, but that's not a confidentiality risk. It could serve as a UID, but maybe there are workarounds to that.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: