I’ve literally read the code for Signal’s double-ratchet protocol. It’s extremely high quality cryptography, written in Rust, open source, with several independent audits.
The server code isn’t open, but we know they (used to?) use Intel SGX enclaves so the contact metadata is sealed from even the Signal Foundation. Admittedly SGX fell prey to a number of speculative execution attacks, but Signal had no way of foreseeing that.
I’ve literally read the code for Signal’s double-ratchet protocol. It’s extremely high quality cryptography, written in Rust, open source, with several independent audits.
The server code isn’t open, but we know they (used to?) use Intel SGX enclaves so the contact metadata is sealed from even the Signal Foundation. Admittedly SGX fell prey to a number of speculative execution attacks, but Signal had no way of foreseeing that.
Also, Moxie hasn’t been involved since 2022.