i dumped my whole signal chat history last week and learned ...

mleku

npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku

hex

2cbe9022b641244daaa5f4f83d998b82e690049b52dd3f985d05f54fa03f96af

nevent

nevent1qqsze05sy2myzfzd42jlf7panx9c9e5sqjd49hflnpwsta205qledtcprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsyeqqz27jc32pgf8gynqtu90d2mxztykj94k0kmttxu37nk3lrktclj7zfr

Kind-1 (TextNote)

2026-04-11T10:08:12Z

↳ 回复 Laeserin (npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl)

Well, they probably knew about it, but this is maybe the first time it was presented as evidence in a case.

i dumped my whole signal chat history last week and learned that the initialization vector of the sqlite database encryption is a static series of space characters. i'm not surprised at all that "after uninstalling" it can be found. even if it deleted the files, which i doubt, the data is encrypted with the system keychain, so logging in opens it, the IV is such that it can be subjected to a plaintext cryptanalysis. it's a circus. signal is the absolute worst pick. matrix is the only one, which can only be unlocked by using the export feature in the UI. telegram i'm sure their stuff is bad as welll, maybe not as bad as signal, and simplex, well, completely crappy, written in a terrible programming language, zero cross-device sync, and mobile first.

原始 JSON

{
  "kind": 1,
  "id": "2cbe9022b641244daaa5f4f83d998b82e690049b52dd3f985d05f54fa03f96af",
  "pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
  "created_at": 1775902092,
  "tags": [
    [
      "e",
      "1ad519c10f04065b217922a895f4765edce215eb4eacc81ad8b9df76c743a078",
      "wss://2jsnlhfnelig5acq6iacydmzdbdmg7xwunm4xl6qwbvzacw4lwrjmlyd.onion",
      "root",
      "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa"
    ],
    [
      "e",
      "482bcf9b69aa2b0c2705b1ed0d69801d1377c29d402cd61ddcb4e960766174fd",
      "wss://theforest.nostr1.com/",
      "reply",
      "dd664d5e4016433a8cd69f005ae1480804351789b59de5af06276de65633d319"
    ],
    [
      "p",
      "3b487825307515e6d903710af238f52566df1005c7ffb9e963965f6ccc2ffb8a"
    ],
    [
      "p",
      "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa"
    ],
    [
      "p",
      "dd664d5e4016433a8cd69f005ae1480804351789b59de5af06276de65633d319"
    ],
    [
      "client",
      "smesh",
      "https://smesh.mleku.dev"
    ]
  ],
  "content": "i dumped my whole signal chat history last week and learned that the initialization vector of the sqlite database encryption is a static series of space characters. i'm not surprised at all that \"after uninstalling\" it can be found. even if it deleted the files, which i doubt, the data is encrypted with the system keychain, so logging in opens it, the IV is such that it can be subjected to a plaintext cryptanalysis. it's a circus. signal is the absolute worst pick. matrix is the only one, which can only be unlocked by using the export feature in the UI. telegram i'm sure their stuff is bad as welll, maybe not as bad as signal, and simplex, well, completely crappy, written in a terrible programming language, zero cross-device sync, and mobile first.",
  "sig": "568e7ef9fad85a1efe20e134f6df8629136760af4c06bd9acb0158622b401532669dd3495b5bb920562f8db79bc16208e94579c08462e42a62ccff9457e9322e"
}