In 2018, Signal was criticized for not encrypting its database keys. At the time, a Signal support manager stated that “database security is never what they claim it is.” The issue was brought to light more recently when security researchers Talal Haj Bakri and Tommy Mysk warned users not to use Signal due to the same vulnerability.
In April, independent developer Tom Plant proposed a code merge to use Electron’s SafeStorage API. This approach uses operating system cryptosystems like DPAPI on Windows and Keychain on macOS to securely store encryption keys. Despite initial inaction, Signal developers have made the decision, announcing that a beta version will be released soon.
The new implementation includes a fallback mechanism to ensure compatibility with old decryption keys during the transition. Signal plans to remove the old keys once the new system has been fully tested.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
