Our great sponsors
-
-
libsignal
Home to the Signal Protocol as well as other cryptographic primitives which make Signal possible.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I raised a similar issue 4 years ago - https://github.com/signalapp/Signal-Android/issues/6703
Signal used to silently fail if you changed device. I guess not much has changed.
> The "safety number" also encodes both participants' phone numbers
Um, not that I know of. A quick check, though, the QR code is a bunch of binary data, so I dove into the source code: https://github.com/signalapp/libsignal-client/blob/4446b648f...
> very amused that the author censored part of the QR code, but not the human readable text below it containing the exact same data
So what is it now, does it contain the phone numbers or not? Since any phone numbers are censored, only the safety number is not. But the QR code doesn't contain the phone number, as you just saw in the source code (assuming I correctly identified the relevant part, I just looked for uses of qr codes, found getScannableFingerprint and followed the trail through libsignal from there).
It's also, strictly speaking, not the same as the text below: the safety number below doesn't appear to include a version number (same file, lines 14-16).
Related posts
- The xz sshd backdoor rabbithole goes quite a bit deeper
- Apple Updates App Store Guidelines to Permit Game Emulators, EU Music App Links
- Butterfly: Powerful, minimalistic, cross-platform, open source note-taking app
- Show HN: Cap – Open-Source Loom Alternative
- Dash for macOS – API Documentation Browser, Snippet Manager