That is right, it's the initial signup where Signal sends an SMS with a code. But if that SMS is intercepted by a third party, Signal won't know that. Also, during that initial process (correct me if I'm wrong), a key pair is generated, where your public key is stored on their server, which it identifies as you, as you explained above. But your description is correct. You are right, I failed to mention that part, but it was well documented elsewhere.
It identifies not you as the person, but the phone number (MDN) along with a keypair. There isn't a concept of personages, just MDNs. The MDN is tied to a public key, and the private key is on the device. Thus if the SMS is redirected, then the initial setup handshake would just fail. But you still need to communicate ownership of the MDN out of band with your contacts.
This is why Signal checks your contact list and automatically begins to share public keys. IMHO this is the biggest vulnerability with Signal. It should ask you for each contact whether you do or do not want to go encrypted with that particular contact, and it should allow you to reject. Otherwise anyone who has you in their contact list will know you are on Signal. This is more of an OPSEC vulnerability than a real issue though.
One other place where Signal looks to be failing is that it looks like it is in fact one public key per MDN instead of a unique key per contact pair. Dang it, you got me deep diving their code base now :D
Guess I'll make a post and maybe compare Signal vs Silence.
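A toy model of the binding the reply above describes (an added example, not Signal's own code): the server keeps one public key per MDN, the private key never leaves the device, and a symmetric fingerprint compared out of band is what surfaces a key under that MDN changing. Keys are simulated as random bytes and the fingerprint is a stand-in for a real safety number; both are assumptions of this example.

```python
import hashlib
import os


class Device:
    """Toy device: holds the private key; only the public half is ever uploaded."""

    def __init__(self, mdn):
        self.mdn = mdn
        self.private_key = os.urandom(32)  # never leaves the device (simulated key)
        # Stand-in public-key derivation, not a real asymmetric scheme.
        self.public_key = hashlib.sha256(b"pub" + self.private_key).digest()


class RegistrationServer:
    """Toy server: exactly one public key per MDN, the mapping the reply describes."""

    def __init__(self):
        self.pending = {}  # mdn -> SMS verification code currently outstanding
        self.keys = {}     # mdn -> registered public key

    def send_sms_code(self, mdn):
        self.pending[mdn] = os.urandom(3).hex()  # "sent" over SMS
        return self.pending[mdn]

    def register(self, mdn, code, public_key):
        if self.pending.get(mdn) != code:
            return False  # wrong or stale code: the setup handshake fails
        self.keys[mdn] = public_key
        self.pending.pop(mdn)
        return True

    def lookup(self, mdn):
        return self.keys.get(mdn)


def safety_number(pub_a, pub_b):
    """Symmetric fingerprint over both identity keys; meant to be compared out of band."""
    return hashlib.sha256(b"".join(sorted((pub_a, pub_b)))).hexdigest()[:16]


def demo():
    """Returns (both sides agree after setup, change detected after re-registration)."""
    server = RegistrationServer()
    alice, bob = Device("+15550100"), Device("+15550101")  # constructed MDNs
    for dev in (alice, bob):
        server.register(dev.mdn, server.send_sms_code(dev.mdn), dev.public_key)
    seen_by_alice = safety_number(alice.public_key, server.lookup(bob.mdn))
    seen_by_bob = safety_number(bob.public_key, server.lookup(alice.mdn))
    matched = seen_by_alice == seen_by_bob
    # Later, Bob's MDN is registered again from a different device with a new keypair.
    new_bob = Device(bob.mdn)
    server.register(bob.mdn, server.send_sms_code(bob.mdn), new_bob.public_key)
    changed = safety_number(alice.public_key, server.lookup(bob.mdn)) != seen_by_alice
    return matched, changed
```

The server alone cannot tell the two registrations apart; only the out-of-band comparison of the fingerprint each side computes exposes the change.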