- cross-posted to:
- [email protected]
[ comments | sourced from HackerNews ]
A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.
Therefore, the implementation distributor cannot be secured against?
Isn’t the only defense for this an open source implementation?
If so, isn’t Signal doing everything it can?
I get the attack on Lavabit and Protonmail because the implementation is downloaded transparently and often; however, Signal’s distribution model can be explicit by disabling auto updates, and you can produce the same binary locally.
In summary I think Signal is much better than Lavabit/Protonmail and putting them in the same bucket is disingenuous.