by mfsch
2314 days ago
From what I understood of the article about secure value recovery [1], SGX is used to derive a more secure key from the password you provide, so a broken SGX alone is not enough to decrypt the data stored on the server, you still need to crack the user’s password. Of course this only helps those people with an actually secure password, which is why they go through all the trouble with SGX. This makes me feel a bit better about their reliance on SGX – as long as you use a long random password stored in my password manager, you don’t have to trust SGX at all.

[1]: https://signal.org/blog/secure-value-recovery/

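A simplified model of the argument in the comment above, added here as an illustration; it is not Signal's code or protocol, and the `Enclave` class, the function names, the PBKDF2 stand-in and the sample PINs are all assumptions. It shows the two layers: an intact enclave limits guesses even for a weak PIN, and once the enclave secret leaks only the password's own strength protects the key.

```python
import hashlib, hmac, secrets

ITERATIONS = 2_000  # assumption: PBKDF2 as a stand-in KDF, kept low for a quick demo

def stretch(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def split(stretched: bytes):
    # One value authenticates to the enclave, the other stays on the client.
    auth = hmac.new(stretched, b"auth", hashlib.sha256).digest()
    share = hmac.new(stretched, b"share", hashlib.sha256).digest()
    return auth, share

def master_key(share: bytes, enclave_secret: bytes) -> bytes:
    # The final key needs both the password-derived share and the enclave secret.
    return hmac.new(share, enclave_secret, hashlib.sha256).digest()

class Enclave:
    """Hypothetical stand-in for the SGX side: random secret plus a guess limit."""
    def __init__(self, auth_key: bytes, max_tries: int = 3):
        self.auth_key, self.tries_left = auth_key, max_tries
        self.secret = secrets.token_bytes(32)

    def release(self, auth_key: bytes):
        if self.tries_left <= 0:
            return None                      # locked out, even for the right key
        if not hmac.compare_digest(auth_key, self.auth_key):
            self.tries_left -= 1
            return None
        return self.secret

def enroll(password: str, salt: bytes):
    auth, share = split(stretch(password, salt))
    enclave = Enclave(auth)
    return enclave, master_key(share, enclave.secret)

def survives_leak(leaked_secret, salt, key, candidates) -> bool:
    """With the enclave secret leaked, is the key safe from this candidate list?"""
    for guess in candidates:
        _, share = split(stretch(guess, salt))
        if hmac.compare_digest(master_key(share, leaked_secret), key):
            return False                     # password was in the list
    return True

if __name__ == "__main__":
    salt = b"constructed-salt"
    pins = [f"{n:04d}" for n in range(4700, 4900)]   # constructed sample guesses
    for pw in ("4821", secrets.token_urlsafe(24)):
        enclave, key = enroll(pw, salt)
        print(len(pw), "chars:", survives_leak(enclave.secret, salt, key, pins))
```

In the model, the check against `key` stands for a trial decryption of the stored data.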
It doesn't speak to any unexpected weaknesses in SGX due to hardware issues with Intel, though, that could be exploited with speculative execution attacks, and what possible information might be obtained were that to happen. I'm not certain how useful it would be to attack this specific feature to obtain saved social graphs when it may be easier to leverage those speculative execution flaws elsewhere in Signal's back end (I may be talking out my ass here, since even your link was pretty in the weeds for me).
I'm also not sure if it's prudent to trust SGX when it seems its protections can be overcome. Hiding all this information behind different SGX features might be all for naught if SGX itself isn't much of an impediment. Which all gets back to my original concern: is this trust in SGX (and by extension Intel) putting too many eggs in a single basket? Is there any fallback, just in case? What would that look like?
I sure as hell don't know, but I haven't even seen the question asked. Signal hasn't addressed it, and it may not even be worth making hay over, but I figured the smart folks around here would, if nothing else, be able to make some headway.
[1] - https://1password.com/files/1Password-White-Paper.pdf; pgs. 24-26