It's essentially a way of storing your password hash in the cloud such that nobody - not even the cloud providers - can read the hash and try to brute force it. All anyone can do is send password attempts to the cloud server's SGX system, which in theory is completely private, even to the host OS.
It also provides a way for the client to verify the code that is running in the SGX system, so you know you're sending your password attempts to some program that really does do all this fancy stuff. You don't have to take Signal's word for it.
It's basically equivalent to the chip in iPhones that stores your PIN and counts failed attempts. Except it's in the cloud and distributed, which is way harder to do.
Not really. The goal is to safely store an extra random value that's mixed with the password hash to derive the master key for the account, because they don't want to fully trust the password hash, because some passwords are too weak.
Could've just made password requirements stronger, but that doesn't provide an excuse to play with SGX I guess :)
It also provides a way for the client to verify the code that is running in the SGX system, so you know you're sending your password attempts to some program that really does do all this fancy stuff. You don't have to take Signal's word for it.
It's basically equivalent to the chip in iPhones that stores your PIN and counts failed attempts. Except it's in the cloud and distributed, which is way harder to do.