It's not clear who made Telegram's crypto, but it was probably Nikolai Durov, who is a genius mathematician and engineer, so it's not like it's some guy in a garage.
I remember he was pretty cocky here on HN about it. Half a year later it was shown to be thoroughly broken because the server could provide shit entropy to the client which it for some godforsaken reason used to generate the encryption keys.
bjoli|5 years ago
So, yes. He (or any of the other 6 world champion coders that were bragged about) designed a broken protocol. Broken, as in "trivial access to the plain text by the server", which is pretty damn awful.
When people say that Telegram rolled their own crypto, they mean that they chose weird crypto primitives, weird key handling and generation, and combined them in a way that made people go "whoa! That looks weird", and defended it by referring to their own world championship victories, by extension saying that people were too stupid to understand.
And 6 months later their protocol was shown to be broken.
Use Telegram all you like. Don't say that their encryption is even close to being the gold standard.
shakna|5 years ago
Signal's crypto has also been independently audited [0], with pretty encouraging results, and as it is open source, can continually be audited.
Telegram's, on the other hand, can't be continually audited, but the MTProto scheme they put together has been found to have a number of flaws [1], and that hasn't changed. They also haven't really allowed third-party audit of their actual code, so there may or may not be extra bugs waiting to bite you.
[0] https://eprint.iacr.org/2016/1013.pdf
[1] https://eprint.iacr.org/2015/1177.pdf
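The failure mode bjoli describes upthread, a client building its key from entropy the server hands it, is easiest to see in a toy model. The following is an added example written for this page, not Telegram's code and not MTProto's actual exchange: two clients run Diffie-Hellman through an untrusted relay that also supplies the "random" bytes, once with the private exponent derived purely from those bytes and once with local CSPRNG output mixed in. The relay then tries to recompute the client's exponent from what it handed out. The toy prime, the relay class, the stream cipher and the sample message are all illustrative assumptions.

```python
import hashlib
import hmac
import secrets

# Toy DH group (ASSUMPTION): 2**127-1 is prime but far too small for real use;
# it just keeps the demo fast. Real deployments use e.g. RFC 3526 group 14.
P = 2**127 - 1
G = 5


def exponent_from_server_entropy(server_random: bytes) -> int:
    """WEAK: the private exponent is a pure function of bytes the relay chose,
    so whoever chose those bytes can recompute the exponent."""
    return int.from_bytes(hashlib.sha256(server_random).digest(), "big") % (P - 2) + 1


def exponent_from_local_csprng(server_random: bytes) -> int:
    """FIXED: local CSPRNG output is hashed together with the server bytes.
    The server bytes may be mixed in, but they can no longer reduce the
    entropy below what the OS CSPRNG contributed."""
    local = secrets.token_bytes(32)
    return int.from_bytes(hashlib.sha256(local + server_random).digest(), "big") % (P - 2) + 1


def session_key(shared: int) -> bytes:
    """Derive a 32-byte session key from the DH shared value (fits in 16 bytes here)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key: bytes, n: int) -> bytes:
    # Toy counter-mode keystream; the key is used once per session in this demo.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, msg: bytes) -> bytes:
    enc_key, mac_key = key[:16], key[16:]
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(enc_key, len(msg))))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes):
    """Returns the plaintext, or None if the MAC does not verify."""
    enc_key, mac_key = key[:16], key[16:]
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))


class MaliciousRelay:
    """Hypothetical relay: hands out DH config plus 'random' bytes and forwards
    public values. It is NOT supposed to learn the end-to-end key."""

    def __init__(self):
        self.random_for = {}   # client name -> bytes we handed out
        self.transcript = {}   # client name -> public value we forwarded

    def dh_config(self, name: str):
        r = secrets.token_bytes(32)
        self.random_for[name] = r
        return P, G, r

    def forward(self, name: str, pub: int):
        self.transcript[name] = pub

    def try_recover_key(self):
        # Guess that Alice derived her exponent straight from our bytes, then
        # confirm the guess against the public value she actually sent.
        a = exponent_from_server_entropy(self.random_for["alice"])
        if pow(G, a, P) != self.transcript["alice"]:
            return None  # guess does not match: client used entropy we don't know
        return session_key(pow(self.transcript["bob"], a, P))


def run_secret_chat(derive_exponent):
    """Run one Alice<->Bob exchange through the relay and report whether the
    relay can read the plaintext. Returns (relay_reads_plaintext, recovered)."""
    relay = MaliciousRelay()
    _, _, ra = relay.dh_config("alice")
    _, _, rb = relay.dh_config("bob")
    a, b = derive_exponent(ra), derive_exponent(rb)
    relay.forward("alice", pow(G, a, P))
    relay.forward("bob", pow(G, b, P))
    k_alice = session_key(pow(relay.transcript["bob"], a, P))
    k_bob = session_key(pow(relay.transcript["alice"], b, P))
    assert k_alice == k_bob  # the honest parties always agree on the key
    msg = b"meet at the usual place"  # constructed sample message
    ct = encrypt(k_alice, msg)
    k_relay = relay.try_recover_key()
    recovered = decrypt(k_relay, ct) if k_relay is not None else None
    return recovered == msg, recovered


if __name__ == "__main__":
    print("server-supplied entropy only:", run_secret_chat(exponent_from_server_entropy))
    print("local CSPRNG mixed in:       ", run_secret_chat(exponent_from_local_csprng))
```

The check that matters is the one in `try_recover_key`: the relay verifies its guessed exponent against the public value the client actually transmitted, which is exactly the confirmation a real adversary in that position would have available. The fix is not to refuse server-supplied bytes, which can legitimately be mixed in, but to make sure they are never the only input to the key.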
varispeed|5 years ago
ClumsyPilot|5 years ago
Kids these days, can't keep up with fashion