New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch to page-level database encryption. #4

Closed
grrrrr opened this Issue Dec 21, 2011 · 8 comments

Comments

Projects
None yet
8 participants
@grrrrr

grrrrr commented Dec 21, 2011

The current default is to hide the body of the text but display the senders name until TextSecure is unlocked. It would be nice if there could be an option to allow users to also hide the senders name.

@SirGrant

This comment has been minimized.

SirGrant commented Jan 14, 2012

I agree. If you were to have your phone searched by someone like the police they would be able to at least see who you have been texting. This information should not become available until after you enter your password.

@moxie0

This comment has been minimized.

Member

moxie0 commented Feb 2, 2012

This isn't hidden because that data isn't actually encrypted. We'll eventually be moving to something like Zetetic's SQLCipher (http://sqlcipher.net/), which will allow us to encrypt those columns as well.

@baghdadbrian

This comment has been minimized.

baghdadbrian commented Aug 10, 2012

Any idea when this might happen moxie0? It's a pretty big usability flaw at the moment, though its good to understand this has more to do with the current android functionality rather than an oversight!

@viroid

This comment has been minimized.

viroid commented Sep 23, 2012

I would also really like to see this feature implimented. I kind of understand the reason the data is not currently encrypted, and therefore shown in plain text. However I dont see any reason to see anything at all if the passphrase is not cached, just block access to the conversation window. Then when you do get the SQLCipher stuff implimented, the program will just be that much better.

@dcherian

This comment has been minimized.

dcherian commented Nov 30, 2016

Notification settings let you hide both name and message now; so this can be closed?

@baghdadbrian

This comment has been minimized.

baghdadbrian commented Nov 30, 2016

@sigenc

This comment has been minimized.

sigenc commented Mar 25, 2017

Improve local storage encryption. Now only the content of the messages is encrypted. If forensics can bypass androids FDE, they can collect metadata. Please don't assume that androids FDE is safer than local encryption implemented right. Android FDE is light years away from ios and even ios is not bulletproof.

please read on the discoussion forum:

https://whispersystems.discoursehosting.net/t/passphrase-encryption-only-for-message-contents/917

Moxie commented he would want to phase it out in favor of android fde. Wich would be a mistake.

Moxie please read the discussion you answered already. I hope you change your mind. Eventually doesn't mean you are going to change it, that's clear, but please have a look at this thread and comment if you would accept a PR. I'm willing to make a big bounty for this.

@jtracey

This comment has been minimized.

Contributor

jtracey commented Feb 8, 2018

is this is fixed by f36b296?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment