[liberationtech] About Telegram

Ximin Luo infinity0 at
Wed Apr 2 15:24:54 PDT 2014

On 02/04/14 22:57, Maxim Kammerer wrote:
> On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <steveweis at> wrote:
>> As an epilogue, the Telegram client misused a non-secure random number
>> generator mrand48 for the keys used in their contest. A student, Thijs
>> Alkemade, was able to recover their keys and decrypt the contest
>> message transcripts:
> Seriously... He took the secret server-side keys published
> post-contest, and recovered the secret chat key (also published) by
> exploiting a randomness bug that has been fixed shortly after the
> contest began.
>
> Moxie had the same randomness problem in his TextSecure code [1]
> — does he also “suck at this”, to quote this student? Or does
> blindly relying on someone else's POS code and primitives suddenly
> absolve one of responsibility for one's own software quality? Because
> that's essentially the spirit that I observe in Telegram's criticism.
>
> [1]
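
Why `mrand48` is unsuitable for key material, as an added example that is not from this thread or from Telegram's code: the generator is a 48-bit linear congruential generator with constants fixed by POSIX, so a key drawn from it can be rebuilt from the seed alone. The seed value and the function names `weak_key`, `predicted_key` and `strong_key` are constructed for illustration; the thread does not say how the client seeded the generator.

```c
#define _XOPEN_SOURCE 600   /* exposes srand48()/mrand48() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The drand48 family is a 48-bit linear congruential generator:
 * X' = (a*X + c) mod 2^48, and mrand48() returns the top 32 bits of X'. */
#define LCG_A    0x5DEECE66DULL
#define LCG_C    0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

/* WEAK: 256-bit "key" filled from libc mrand48(), 4 bytes per call. */
static void weak_key(uint32_t seed, uint8_t key[32]) {
    srand48((long)seed);
    for (int i = 0; i < 32; i += 4) {
        uint32_t r = (uint32_t)mrand48();
        memcpy(key + i, &r, 4);
    }
}

/* The same key rebuilt without libc, from the seed and public constants.
 * srand48() sets the state to the seed's low 32 bits followed by 0x330E. */
static void predicted_key(uint32_t seed, uint8_t key[32]) {
    uint64_t st = ((uint64_t)seed << 16) | 0x330EULL;
    for (int i = 0; i < 32; i += 4) {
        st = (LCG_A * st + LCG_C) & LCG_MASK;   /* wraps mod 2^64, then mod 2^48 */
        uint32_t r = (uint32_t)(st >> 16);
        memcpy(key + i, &r, 4);
    }
}

/* HARDENED: take the key bytes from the kernel CSPRNG; returns 0 on success. */
static int strong_key(uint8_t key[32]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(key, 1, 32, f);
    fclose(f);
    return n == 32 ? 0 : -1;
}

int main(void) {
    uint8_t a[32], b[32];
    weak_key(20140402u, a);        /* constructed sample seed */
    predicted_key(20140402u, b);
    printf("weak key rebuilt from seed: %s\n", memcmp(a, b, 32) ? "no" : "yes");
    return strong_key(a);
}
```

A key produced this way carries at most 48 bits of entropy (32 when seeded through `srand48`), regardless of its nominal length.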

