Signal Secure Backups

Posted by keyboardJones 9/8/2025

990 points | 442 commentspage 6

maqp 9/8/2025|

Shoutout to Signal team for another fantastic achievement!

As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups" for Telegram.

https://web.archive.org/web/20200226124508/https://tgraph.io...

Nice to finally see someone competent show how it's actually done :)

withinrafael 9/8/2025||

Do backups get pruned over time? Is there an expiration? I don't think folks want old lost-key backups sitting around forever for quantum to catch up, right?

blintz 9/8/2025|

It’s symmetric keys, so quantum doesn’t matter.

FergusArgyll 9/8/2025||

"On the other hand, symmetric algorithms such as AES are believed to be immune to Shor. In most cases, the best-known quantum key recovery attack uses Grover’s algorithm which provides a generic square-root speed-up over classical exhaustion in terms of the number of queries to the symmetric algorithm. In other words, Grover would recover the 256-bit key for AES-256 with around 2^128 quantum queries to AES compared to around 2^256 classical queries for exhaustion. "

- https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-stand...

</pedantry>

the paper itself concludes "the practical security impact of Grover with existing techniques on plausible near-term quantum hardware is limited."

ipv6ipv4 9/8/2025||

That Signal data doesn’t just transfer like any other data on iOS when upgrading phones is seriously dumb.

Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.

This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.

j1000 9/9/2025||

I was always thinking it was a feature not a bug

h4ck_th3_pl4n3t 9/8/2025||

The actual question I have now is: if backup and restore were not working before, why were the keys backed up via Google Play services?

netule 9/8/2025||

Do I get this for free if I’m a monthly donator?

IshKebab 9/8/2025||

Doesn't sound like it, but just decrease your donation and buy a subscription. Donations are donations.

drnick1 9/8/2025||

Signal is open source, so security claims can be verified unlike anything made by Apple or other Big Tech companies.

john01dav 9/8/2025||

What does this have to do with the message that you replied to?

drnick1 9/8/2025||

I meant to reply to another comment.

komali2 9/8/2025|

I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?

chimeracoder 9/8/2025||

> I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?

Those backups are stored locally, are platform-specific (Android-only), and there is no feasible way to automate their transfer to any other device, which means that either you have to manually manage them regularly, or you risk losing your entire message history if your phone suddenly dies (or is stolen, or broken beyond repair, etc.).

This is a true automated, off-site backup feature.

Marsymars 9/8/2025||

Cloud storage for your backup.

More comments...