WingNews logo WingNews
top | item 41371530

(no title)

jaykru | 1 year ago

> Telegram's crypto is a mess

Telegram's crypto may be weird, as the professional cryptographers you allude to have pointed out; I don't know, not being a cryptography expert. But MTProto 2.0 has been shown to enjoy many nice security properties (including a version of forward secrecy, though one afaik not as good as that enjoyed by Signal): formal proofs available here https://github.com/miculan/telegram-mtproto2-verification/tr... and some peer reviewed papers describing the formal verification effort are linked to there as well. Considering that I think calling Telegram's crypto "a mess" is misleading.

discuss

order

ezst|1 year ago

The characteristics of MTProto are barely relevant when it is not used in the real world: group chats cannot be encrypted with it, 1:1 chats have caveats like terrible UX and the need for both parties to be online to initiate a session.

jazzyjackson|1 year ago

Ironically, just being able to produce a valid proof is hardly proof that an implementation has those properties, it just means they put some effort into it.

jaykru|1 year ago

This would be a valid point if the client source code wasn't available; you can build the app from source and sideload it onto your Android phone or verify [0] that the build available for your platform matches the code you've audited for compliance to the protocol. Granted I don't know if anyone's performed such an audit, but it's at least an option.

[0] https://core.telegram.org/reproducible-builds

drdaeman|1 year ago

It used to have issues, they have improved since, but I don't consider Telegram to be encrypted or private (and I'm also not a crypto expert, so the details elude me anyway) so I haven't really kept track of this.

Honestly, the issue was not about their crypto at all, but about the attitude and how they reacted. It's literally as if someone says "dude, I know a thing about crypto and you might've made a mistake there" and Pavel immediately goes into offensive defense, preaching how they have the best ACM champion PhDs and shifting the burden of proof, basically a canonical Putin/Trump-style of evading an argument.

That's what makes me wary of this guy, not his product.