Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] About Telegram

Steve Weis steveweis at gmail.com
Thu Feb 20 16:52:34 PST 2014


Hi Maxim. There was a man-in-the-middle attack against Telegram's
algorithm published back in December:
http://habrahabr.ru/post/206900/ (Russian)

English Google translated:
http://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/

If I understand the translation of this link, Telegram gave him
$100,000 for the break:
http://vk.com/wall-52630202_7858 (Russian)

That's an expensive crypto lesson, but apparently Telegram put their
money where their mouth is.

On Thu, Feb 20, 2014 at 1:57 PM, Maxim Kammerer <mk at dee.su> wrote:
>
> On Thu, Feb 20, 2014 at 8:38 PM, Tony Arcieri <bascule at gmail.com> wrote:
> > Their "contest" is a farce:
> > It's total snake oil. They created a bespoke encryption scheme rather than
> > using off-the-shelf components like MACs or (EC)IES. Avoid avoid.
>
> Go ahead and describe an attack, then, I'm sure Pavel Durov (creator
> of VK, who originated this project on ideological principles) will
> take care of the issues, if any. The protocol is open, and the
> security trade-offs are outlined in the FAQ [1]. Not using
> off-the-shelf components is not an argument, since the project is
> apparently not developed by some hobbyists learning about crypto.



More information about the liberationtech mailing list