[liberationtech] About Telegram

Steve Weis steveweis at gmail.com
Wed Apr 2 18:34:13 PDT 2014


On Apr 2, 2014 2:58 PM, "Maxim Kammerer" <mk at dee.su> wrote:
>
> On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <steveweis at gmail.com> wrote:
> > As an epilogue, the Telegram client misused a non-secure random number
> > generator mrand48 for the keys used in their contest. A student, Thijs
> > Alkemade, was able to recover their keys and decrypt the contest
> > message transcripts:
> >
> > https://blog.thijsalkema.de/blog/2014/04/02/breaking-half-of-the-telegram-contest/
>
> Seriously... He took the secret server-side keys published
> post-contest, and recovered the secret chat key (also published) by
> exploiting a randomness bug that has been fixed shortly after the
> contest began.

Maxim does point out some important details:
1. This was an unofficial client that nonetheless was used for the contest.
2. The RNG bug was already fixed, but was live in the context of the
contest.
3. Thijs used the post-contest published server keys as a shortcut.

Regardless, I think if someone had noticed the flaw sooner, they could have
recovered the 48-bits of LCG state and won the contest.
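The point about mrand48 carrying only 48 bits of LCG state can be made concrete. The program below is an added illustration written for this archive page, not code from the thread, from Thijs Alkemade's write-up, or from the Telegram client. It implements the drand48 family's generator exactly as POSIX specifies it (X_{n+1} = (a*X_n + c) mod 2^48 with a = 0x5DEECE66D, c = 0xB; mrand48 returns the high 32 bits of the state) and shows why outputs of that generator must never be used as key material: one observed output already fixes 32 of the 48 state bits, so the remaining 16 bits can be checked exhaustively against the next outputs, after which every future value is known. The starting state and the function names are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* POSIX drand48/mrand48 linear congruential generator:
 * X_{n+1} = (a * X_n + c) mod 2^48. The multiply may overflow 64 bits,
 * which is harmless here: reducing mod 2^64 and then mod 2^48 equals
 * reducing mod 2^48 directly. */
#define LCG_A    0x5DEECE66DULL
#define LCG_C    0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

static uint64_t lcg_step(uint64_t x) {
    return (LCG_A * x + LCG_C) & LCG_MASK;
}

/* mrand48() hands the caller the high-order 32 bits of the 48-bit state
 * (as a signed long; the bit pattern is the same, so uint32_t is used here). */
static uint32_t lcg_output(uint64_t x) {
    return (uint32_t)(x >> 16);
}

/* Given three consecutive mrand48 outputs, recover the 48-bit state that
 * produced the first one. Only the low 16 bits are unknown, so at most
 * 65536 candidates have to be checked. Returns 1 on success, 0 if no
 * candidate reproduces the observed sequence. */
static int recover_state(uint32_t o1, uint32_t o2, uint32_t o3, uint64_t *state_out) {
    for (uint32_t low = 0; low < 0x10000; low++) {
        uint64_t cand = ((uint64_t)o1 << 16) | low;
        uint64_t next = lcg_step(cand);
        if (lcg_output(next) != o2) continue;
        if (lcg_output(lcg_step(next)) != o3) continue;
        *state_out = cand;
        return 1;
    }
    return 0;
}

/* Demo on a constructed state (not a real key from the contest). Pretends
 * an observer saw three outputs, recovers the state, and predicts the
 * fourth output. Returns 1 when recovery and prediction both succeed. */
static int demo_recovery(void) {
    uint64_t true_state = 0x1234ABCD5678ULL & LCG_MASK;  /* constructed seed state */
    uint64_t s1 = lcg_step(true_state);
    uint64_t s2 = lcg_step(s1);
    uint64_t s3 = lcg_step(s2);
    uint64_t s4 = lcg_step(s3);                           /* "future" output's state */

    uint32_t o1 = lcg_output(s1), o2 = lcg_output(s2), o3 = lcg_output(s3);

    uint64_t recovered = 0;
    if (!recover_state(o1, o2, o3, &recovered)) return 0;

    /* Three steps from the recovered state must reproduce the fourth output. */
    uint64_t predicted = lcg_step(lcg_step(lcg_step(recovered)));
    return recovered == s1 && lcg_output(predicted) == lcg_output(s4);
}

int main(void) {
    printf("mrand48-style state recovery %s\n",
           demo_recovery() ? "succeeded: later outputs are predictable"
                           : "failed");
    return 0;
}
```

The search space here is 2^16 per observed output, not the 2^48 one might assume from "48 bits of state", which is why a generator like this offers no protection once a few outputs (or values derived from them) are visible. The remedy is the one the write-up implies: key material has to come from an OS-backed cryptographic source, never from the rand48 or rand families.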