The Messenger Signal, otherwise praised by many sides, has caused a lot of discussion due to a PIN function introduced in May. Especially the fact that this function is not optional, but has to be used, caused criticism from some users.
The functions of the signal PIN
Signal is a messenger that is recommended by many IT security experts, because privacy is in focus, consistent end-to-end encryption is used and all source code is public. But some of these IT security experts are currently expressing concerns about the new PIN function.
Among other things, a PIN that the user can choose for himself should make it much easier to switch to a new device. The PIN is used to encrypt and decrypt data on a server. The data on these servers includes preferences, contact data and accounts. This also makes it easier to restore a hacked account, for example, since the PIN gives you one more authentication method.
Chat messages are explicitly not included in the data stored on the servers.
Security vs. comfort
The struggle between security and comfort takes place in almost every development nowadays. If an application is to be developed extremely secure, it is often not very comfortable to use, because the password policies are extremely high. This is exactly the conflict Signal currently has. By using the PIN system it has become much more comfortable to transfer a Signal account to a new device. On the other hand, there is an increased security risk, since users often choose PINs or passwords that are too weak.
For the encryption on the servers the Signal Team uses Intel Software Guard Extensions (SGX) and the chosen PIN of the user. In the past, however, security gaps in Intel processors have been found time and again. Only in June a research group from Michigan presented a critical security hole in the SGX.
Once the SGX component is compromised, all data is protected only by its own PIN. The minimum length is 4 digits and as in a recent article, 4 digits is not enough to create a secure PIN that can withstand a brute force attack.
Signal responds to feedback
The partially negative feedback on Signal’s PIN feature has caused Signal developer Moxie Marlinspike to tweet that the PIN feature will soon be optional. The biggest criticism against the PIN function was not the function itself, but the fact that you could not choose if you wanted to use the function.
In the tweet, Marlinspike says that they have responded to the feedback and are working on an option that the PIN function is optional. However, this means that signal users who do not use the PIN function will lose all their data in a new installation, as it is not stored on the servers.
With this option most criticism should be averted, because now users who do not want to store data on the server can deactivate this function and users who want to have the easy possibility to transfer the account to a new device can use the PIN function. With a long password such as a passphrase the data on the signal servers is well protected.