zlacker

[return to "Signal app downloads spike as US protesters seek message encryption"]
1. aeroph+Z4[view] [source] 2020-06-05 02:52:17
>>pera+(OP)
Honest question for those in the know: If I wanted to run my own personal “analysis” to verify the security of Signal, where would I start? Is it even possible? Just curious if there was a way to “know” rather than “trust”.
◧◩
2. raspyb+d5[view] [source] 2020-06-05 02:53:44
>>aeroph+Z4
Learn cryptography to a high level then read the source code?
◧◩◪
3. drdrey+J5[view] [source] 2020-06-05 02:58:51
>>raspyb+d5
How do you know that the binary you run actually corresponds to the source code you read?

EDIT: and would you then also review every commit to make sure nothing bad gets introduced? No, at some point you have to place trust in the vendor, the developers, independent audits, etc.

◧◩◪◨
4. RL_Qui+X5[view] [source] 2020-06-05 03:00:32
>>drdrey+J5
Determinism.

https://tests.reproducible-builds.org/debian/reproducible.ht...

We're making great strides into software being completely deterministic. The Bitcoin project for many years has had completely deterministic binaries and a ceremony process for GPG signing the output with many individual parties.

◧◩◪◨⬒
5. depend+mj[view] [source] 2020-06-05 05:48:16
>>RL_Qui+X5
There is https://signal.org/blog/reproducible-android/ but it is not complete.
[go to top]