оно в любом случае бесконечно дырявое

https://news.ycombinator.com/item?id=16280713

Well, to me the whole thing is about a couple of things:

When Telegram first launched, people were reading their crypto whitepaper and going "Whoa, this is weird. You should probably not be doing it like this", and the reply was "Well, our 6 world champion coders (did you win a coding world championship?) think it is nice. Deal with it".

They then launched a bullshit crypto challenge (which would have been secure even using crypto primitives we _know_ are insecure). People told them that wasn't how it was done. They replied something cocky about world champion coders.

A couple of months later, someone found an gaping hole where the server could MITM every newly started secret chat (which their hack for forward secrecy a couple of years later would have made possible for every 100 messages).

I think their attitude towards encrypted messaging hasn't left puberty yet, and I recommend against it for everyone looking for a secure messenger. For anyone looking for a more convenient whatsapp without caring much for privacy by default, I don't mind recommending Telegram.

https://eprint.iacr.org/2015/1177.pdf
Abstract. Telegram is a popular messaging app which supports end-
to-end encrypted communication. In Spring 2015 we performed an audit
of Telegram's source code. This short paper summarizes our ndings.
Our main discovery is that the symmetric encryption scheme used in
Telegram { known as MTProto { is not IND-CCA secure, since it is
possible to turn any ciphertext into a dierent ciphertext that decrypts
to the same message.
We stress that this is a theoretical attack on the denition of security and
we do not see any way of turning the attack into a full plaintext-recovery
attack. At the same time, we see no reason why one should use a less
secure encryption scheme when more secure (and at least as ecient)
solutions exist.
The take-home message (once again) is that well-studied, provably se-
cure encryption schemes that achieve strong denitions of security (e.g.,
authenticated-encryption) are to be preferred to home-brewed encryption
schemes.

* * *
https://www.verdict.co.uk/telegram-security-flaw/
Telegram security flaw left computers vulnerable to cryptocurrency mining



Telegram positions itself as the most secure messaging app available but in actual fact, it doesn’t live up to the hype. The security issues detailed by the Kaspersky Lab researchers are just one of a long line of problems Telegram has had to deal with.

For one, its 100m users believe that all the messages they send are encrypted. This prevents anyone apart from the two people involved in the conversation from seeing what was said. However, Telegram is not end-to-end encrypted, the highest level of encryption, used in apps such as Wire and Whatsapp.

Wire, for instance, uses the Signal protocol, a proven method of encryption. Instead, Telegram uses its own protocol, MTproto. This isn’t regarded with the same caliber as Signal amongst security researchers and has some major flaws.

* * *

Telegram IM security flaw – what you see is NOT always what you get
https://nakedsecurity.sophos.com/2018/02/16/telegram-instant-messaging-flaw-the-images-that-were-programs/