Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> With SGX, users can just verify that the code you're running does not, in fact, send all their data to the NSA behind their backs

This is a big claim which needs extraordinary proof if we're going to rely on that assumption for security. Remember, we're talking about an organization that did things like sneak in backdoors in encryption standards or infiltrate Google's internal network to passively extract user data en masse. We should just assume the NSA has gotten the keys from Intel a long time ago, voluntarily or not.

The NSA doesn't respect the rules. Nor do they think about the wider consequences of their actions. They're a reckless and irresponsible organization with an enormous budget. If they want something from Intel, they will have it.



There are firms that sell phone scanning utilities that pull signal message off (unlocked?) ios and android (and presumably desktops).

Even if signal used an enclave key to encrypt the local chat database, sgx doesn’t protect the enclave from the keyboard, mouse or display drivers, so someone could simply write a screen scraper that displayed and captured each message of each thread.


I think you're misunderstanding what SGX is used for in the Signal context: It's only used server-side. The clients have no real use for it, because they don't have to attest the software they're running, only the keys they possess.

The server however is inherently untrusted, and the users of the server can benefit from some form of attestation of the software it's running. SGX tries to provide this, as the siblings in this thread explain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: