• WolfLink@lemmy.ml
      link
      fedilink
      English
      arrow-up
      27
      ·
      9 months ago

      TLDR Signal made a decision that has different tradeoffs and is waiting for the tech to improve before taking the step Apple did.

      All of these updates are extremely cutting edge and PQC tech is not matured, so both Signal and Apple implementing it now is mostly a marketing move.

      In Apple’s press release, they mention they use a combination of the new PQC “Kyber Crystals” algorithm and the existing standard “ECDSA” algorithm. This is because Kyber is is too new and hasn’t stood the test of time yet. Apple doesn’t want to trust it fully because someone could come discover a vulnerability.

      Even if it is motivated by marketing, it’s good that these companies are competing in this space because it drives the tech forward, and it’s good that they are working on including PQC now even though the tech is immature, because the goal is to protect against attacks involving storing encrypted data now and decrypting it later once quantum computers are more mature.

    • unexposedhazard@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      2
      ·
      9 months ago

      Does claiming “my encryption is magically unbreakable” make your encryption unbreakable? No. So dont give companies the benefit of the doubt on these kinds of things. If its actually so secure that they dont have to worry about it, they could prove it by releasing their code. Dont just believe things companies say, especially when the claim benefits them monetarily.

    • ursakhiin@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Difficult to say which is better. This particular blog post is from Apple themselves. You’ll want to wait until some 3rd party is able to do an audit and compare them.