
Ask HN: How secure is Signal messaging? - Sachaniman
I&#x27;m trying to convince a party to use Signal to communicate privately with me, and would like to verify certain things with HN community to make sure my understanding of the application is correct.<p>- Are receivers and senders the only entities able to access privately sent messages&#x2F;pictures&#x2F;videos? Do the Signal servers not store any of this data?<p>- If it is not stored on the server, are all the media and content sent and received then stored on the user&#x27;s device? In other words, will my usage be capped by my device&#x27;s available storage?<p>- If Signal servers are hacked, are the security guarantees thrown out? Or, do the hackers only see encrypted data at all times, with no way to decrypt it themselves?<p>- Is Signal the most reliable mobile app in the secure communication domain? Are there better alternatives?<p>Thanks in advance :)
======
justforfunhere
How public and private keys are generated, updated and stored between two
contacts for a particular Signal chat session is captured in the document
below. You should be able to find most of your answers here

[https://signal.org/docs/specifications/sesame/](https://signal.org/docs/specifications/sesame/)

>> _Are receivers and senders the only entities able to access privately sent
messages /pictures/videos? Do the Signal servers not store any of this data?_

The text messages are stored in the database (postgres) of signal server. They
are encrypted, so even if you had read access to database, you wouldn't be
able to decrypt it. Read the document mentioned above as to how keys are
managed.

Pictures/Videos/any multimedia is stored in a separate storage server ( e.g.
S3 ). This is also in encrypted form.

>> _If it is not stored on the server, are all the media and content sent and
received then stored on the user 's device? In other words, will my usage be
capped by my device's available storage?_

Most definitely your device should have enough space for the all the content
being sent on your way.

>> _If Signal servers are hacked, are the security guarantees thrown out? Or,
do the hackers only see encrypted data at all times, with no way to decrypt it
themselves?_

Yes, even if servers are hacked, they may be able to get the contact details
of users registered( this may not be true for the latest signal server ), but
they shouldn't be able to decrypt any stored messages.

>> _Is Signal the most reliable mobile app in the secure communication domain?
Are there better alternatives?_

I think Signal is the most reliable app right now.

Edit: Formatting

~~~
Sachaniman
Thanks for the thorough answer, it was very helpful!

------
kleer001
not to sound snotty or anything, but you might want to do some poking around
over at the official support page for your specific requests if you can't find
help here.

[https://support.signal.org/hc/en-us](https://support.signal.org/hc/en-us)

And a more specific channel over at:

[https://github.com/signalapp](https://github.com/signalapp)

IMHO the weakest security link is always the human. Make of that what you
will.

~~~
Sachaniman
>IMHO the weakest security link is always the human

Agreed, and thanks for links!

