[liberationtech] About Telegram
steveweis at gmail.com
Wed Apr 2 18:34:13 PDT 2014
On Apr 2, 2014 2:58 PM, "Maxim Kammerer" <mk at dee.su> wrote:
> On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <steveweis at gmail.com> wrote:
> > As an epilogue, the Telegram client misused a non-secure random number
> > generator mrand48 for the keys used in their contest. A student, Thijs
> > Alkemade, was able to recover their keys and decrypt the contest
> > message transcripts:
> Seriously... He took the secret server-side keys published
> post-contest, and recovered the secret chat key (also published) by
> exploiting a randomness bug that has been fixed shortly after the
> contest began.
Maxim does point out some important details:
1. This was an unofficial client that nonetheless was used for the contest.
2. The RNG bug was already fixed, but was live in the context of the
3. Thijs used the post-contest published server keys as a shortcut.
Regardless, I think if someone had noticed the flaw sooner, they could have
recovered the 48 bits of LCG state and won the contest.
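To make the last point concrete, here is an added illustration that is not code from this thread or from any Telegram client: a reference model of the POSIX mrand48() generator (48-bit LCG, constants 0x5DEECE66D and 0xB, seeding as in srand48) used as a stand-in key generator, and a checker that recovers the full 48-bit state from two or three observed 32-bit outputs by brute-forcing the 16 bits the output does not reveal. The seed value and the four-word "key" are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constants of the 48-bit LCG behind POSIX drand48/lrand48/mrand48. */
#define LCG_A    0x5DEECE66DULL
#define LCG_C    0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

static uint64_t lcg_step(uint64_t x) { return (LCG_A * x + LCG_C) & LCG_MASK; }

/* Reference model of srand48()/mrand48(): the seed goes in the high 32 bits,
 * the low 16 bits are fixed to 0x330E, and each call returns the high 32 bits
 * of the new state. Used here as the stand-in "key generator" (assumption:
 * this matches the POSIX algorithm, not any particular client's code). */
typedef struct { uint64_t state; } weak_rng;

void weak_seed(weak_rng *g, uint32_t seed) { g->state = ((uint64_t)seed << 16) | 0x330E; }
uint32_t weak_next(weak_rng *g) { g->state = lcg_step(g->state); return (uint32_t)(g->state >> 16); }

/* Recover the full 48-bit state from n >= 2 consecutive outputs: obs[0]
 * fixes the high 32 bits, the hidden low 16 bits are tried exhaustively
 * (2^16 candidates), and each candidate is confirmed against the remaining
 * outputs. On success *state is the state after obs[n-1] and 1 is returned;
 * 0 means no candidate matched. */
int recover_state(const uint32_t *obs, size_t n, uint64_t *state) {
    if (n < 2) return 0;
    for (uint32_t low = 0; low < 0x10000; low++) {
        uint64_t x = ((uint64_t)obs[0] << 16) | low;
        size_t i;
        for (i = 1; i < n; i++) {
            x = lcg_step(x);
            if ((uint32_t)(x >> 16) != obs[i]) break;
        }
        if (i == n) { *state = x; return 1; }
    }
    return 0;
}

/* Predict the output that follows a recovered state. */
uint32_t predict_next(uint64_t *state) { *state = lcg_step(*state); return (uint32_t)(*state >> 16); }

int main(void) {
    weak_rng g; uint32_t key[4]; uint64_t st;
    weak_seed(&g, 0xC0FFEE);                          /* constructed seed */
    for (int i = 0; i < 4; i++) key[i] = weak_next(&g); /* 128-bit "key" */
    /* Anyone who sees the first two words can reproduce the remaining ones. */
    if (recover_state(key, 2, &st))
        printf("word 3 = %08x, predicted %08x\n", key[2], predict_next(&st));
    return 0;
}
```

The same check, run against a real key derivation, is a cheap unit test for "is this RNG output predictable from what it leaks"; the fix is to draw key material from a CSPRNG such as /dev/urandom instead.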