Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] About Telegram

Maxim Kammerer mk at
Thu Feb 20 14:59:50 PST 2014

On Fri, Feb 21, 2014 at 12:24 AM, Tony Arcieri <bascule at> wrote:
> That would be shifting the burden of proof. The goal of a well-designed
> cryptosystem should be to demonstrate why attacks aren't possible. Just
> because I personally can't demonstrate a particular attack against this
> system is not a measure of its security.

It is, since there are automatic tools which will show you attack
scenarios after you encode the communication protocol. You called the
contest a farce and the product a snake oil based on what, inadequate
threat modeling in a contest where the backer indicated willingness to
adapt the contest to more advanced threat models? Ignore the contest,

> Can you demonstrate a practical attack Moxie's obviously broken cryptosystem
> described in his blog post? If you can't, does that mean it's secure?

I didn't write “a practical attack”, I wrote “describe an attack” —
you are substituting terms in order to support your point.

> Even experts make mistakes, and Telegram's developers are clearly not
> experts as they seem to have ignored all of the developments that have
> occurred in the past 20 years (or more) in cryptography, most notably
> authenticated encryption.

Maybe, so what? The limitations are outlines in the FAQ — the product
is clearly not a snake oil.

Maxim Kammerer
Liberté Linux:

More information about the liberationtech mailing list