It is infinitely full of holes in any case.

https://news.ycombinator.com/item?id=16

Well, to me the whole thing is about a couple of things: When Telegram first launched, people were reading their crypto whitepaper and going "Whoa, this is weird. You should probably not be doing it like this", and the reply was "Well, our 6 world champion coders (did you win a coding world championship?) think it is nice. Deal with it".

They then launched a bullshit crypto challenge (which would have been secure even using crypto primitives we _know_ are insecure). People told them that wasn't how it was done. They replied something cocky about world champion coders.

A couple of months later, someone found a gaping hole where the server could MITM every newly started secret chat (which their hack for forward secrecy a couple of years later would have made possible for every 100 messages).

I think their attitude towards encrypted messaging hasn't left puberty yet, and I recommend against it for everyone looking for a secure messenger. For anyone looking for a more convenient WhatsApp without caring much for privacy by default, I don't mind recommending Telegram.

https://eprint.iacr.org/2015/1177.p

Abstract. Telegram is a popular messaging app which supports end-to-end encrypted communication. In Spring 2015 we performed an audit of Telegram's source code. This short paper summarizes our findings. Our main discovery is that the symmetric encryption scheme used in Telegram - known as MTProto - is not IND-CCA secure, since it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message. We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.

The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.

* * *

https://www.verdict.co.uk/telegram-secu

Telegram security flaw left computers vulnerable to cryptocurrency mining

Telegram positions itself as the most secure messaging app available but in actual fact, it doesn’t live up to the hype. The security issues detailed by the Kaspersky Lab researchers are just one of a long line of problems Telegram has had to deal with.

For one, its 100m users believe that all the messages they send are encrypted. This prevents anyone apart from the two people involved in the conversation from seeing what was said. However, Telegram is not end-to-end encrypted, the highest level of encryption, used in apps such as Wire and WhatsApp. Wire, for instance, uses the Signal protocol, a proven method of encryption. Instead, Telegram uses its own protocol, MTProto. This isn’t regarded with the same caliber as Signal amongst security researchers and has some major flaws.

* * *

Telegram IM security flaw – what you see is NOT always what you get

https://nakedsecurity.sophos.com/2018/0