zlacker

[parent] [thread] 4 comments
1. jaykru+(OP)[view] [source] 2024-08-27 19:05:05
> Telegram's crypto is a mess

Telegram's crypto may be weird, as the professional cryptographers you allude to have pointed out; I don't know, not being a cryptography expert. But MTProto 2.0 has been shown to enjoy many nice security properties (including a version of forward secrecy, though one afaik not as good as that enjoyed by Signal): formal proofs available here https://github.com/miculan/telegram-mtproto2-verification/tr... and some peer reviewed papers describing the formal verification effort are linked to there as well. Considering that, I think calling Telegram's crypto "a mess" is misleading.

replies(3): >>drdaem+w7 >>jazzyj+9k >>ezst+2c1
2. drdaem+w7[view] [source] 2024-08-27 19:39:38
>>jaykru+(OP)
It used to have issues, they have improved since, but I don't consider Telegram to be encrypted or private (and I'm also not a crypto expert, so the details elude me anyway) so I haven't really kept track of this.

Honestly, the issue was not about their crypto at all, but about the attitude and how they reacted. It's literally as if someone says "dude, I know a thing about crypto and you might've made a mistake there" and Pavel immediately goes into offensive defense, preaching how they have the best ACM champion PhDs and shifting the burden of proof, basically a canonical Putin/Trump-style of evading an argument.

That's what makes me wary of this guy, not his product.

3. jazzyj+9k[view] [source] 2024-08-27 20:43:33
>>jaykru+(OP)
Ironically, just being able to produce a valid proof is hardly proof that an implementation has those properties; it just means they put some effort into it.
replies(1): >>jaykru+BN
4. jaykru+BN[view] [source] [discussion] 2024-08-27 23:59:13
>>jazzyj+9k
This would be a valid point if the client source code wasn't available; you can build the app from source and sideload it onto your Android phone, or verify [0] that the build available for your platform matches the code you've audited for compliance to the protocol. Granted, I don't know if anyone's performed such an audit, but it's at least an option.

[0] https://core.telegram.org/reproducible-builds
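
The last step of the reproducible-build check the comment above describes, as an added example that is not part of the thread and not Telegram's own tooling (Telegram's actual procedure is at the linked page): an APK is a zip archive, so rather than hashing the whole file, which would always differ because the vendor's signing key is not in the source tree, the script hashes each archive entry and reports any entry whose content differs between the locally built archive and the downloaded one. The `META-INF/` skip list, the sample archives and the package name are constructed for the example.

```python
"""Compare two Android APKs (zip archives) entry by entry.

Added example: signature metadata under META-INF/ is skipped because the
vendor's signing key is never in the source tree, so those entries
legitimately differ; every other entry must be byte-identical.
"""
import hashlib
import io
import zipfile

SIGNATURE_PREFIX = "META-INF/"  # assumed ignore-list for this example


def entry_digests(archive_bytes: bytes, skip_prefix: str = SIGNATURE_PREFIX) -> dict:
    """Return {entry name: sha256 hex} for every file entry not under skip_prefix."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(skip_prefix):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(local_apk: bytes, downloaded_apk: bytes) -> list:
    """Return a sorted list of (entry, reason) for every difference found.

    reason is 'only-in-local', 'only-in-downloaded' or 'content-differs'.
    An empty list means the downloaded build matches what you compiled.
    """
    local = entry_digests(local_apk)
    remote = entry_digests(downloaded_apk)
    diffs = []
    for name in sorted(local.keys() | remote.keys()):
        if name not in remote:
            diffs.append((name, "only-in-local"))
        elif name not in local:
            diffs.append((name, "only-in-downloaded"))
        elif local[name] != remote[name]:
            diffs.append((name, "content-differs"))
    return diffs


def make_apk(entries: dict) -> bytes:
    """Build a constructed in-memory zip standing in for a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: the "downloaded" build carries a vendor
# signature block, the local build does not, and everything else matches.
MANIFEST = b"<manifest package='org.example.app'/>"
BYTECODE = b"dex\n035\x00" + b"\x00" * 16

LOCAL_APK = make_apk({
    "AndroidManifest.xml": MANIFEST,
    "classes.dex": BYTECODE,
})
DOWNLOADED_APK = make_apk({
    "AndroidManifest.xml": MANIFEST,
    "classes.dex": BYTECODE,
    "META-INF/CERT.RSA": b"constructed signature blob",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
})
# A build whose bytecode was swapped out after signing would look like this.
TAMPERED_APK = make_apk({
    "AndroidManifest.xml": MANIFEST,
    "classes.dex": b"dex\n035\x00" + b"\x01" * 16,
    "META-INF/CERT.RSA": b"constructed signature blob",
})

if __name__ == "__main__":
    for label, candidate in (("vendor build", DOWNLOADED_APK),
                             ("tampered build", TAMPERED_APK)):
        diffs = compare_builds(LOCAL_APK, candidate)
        print(label + ":", "matches local build" if not diffs else diffs)
```

Two caveats a practitioner would add: this comparison only becomes meaningful once the local build itself is deterministic (build timestamps, absolute paths and toolchain versions are the usual sources of spurious `content-differs` hits), and skipping `META-INF/` means the vendor signature must be checked separately with the platform's own signature verifier, since this script deliberately says nothing about who signed the downloaded archive.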

5. ezst+2c1[view] [source] 2024-08-28 05:05:30
>>jaykru+(OP)
The characteristics of MTProto are barely relevant when it is not used in the real world: group chats cannot be encrypted with it, 1:1 chats have caveats like terrible UX and the need for both parties to be online to initiate a session.