Search Mailing List Archives
[liberationtech] About Telegram
mk at dee.su
Fri Feb 21 09:39:08 PST 2014
On Fri, Feb 21, 2014 at 2:52 AM, Steve Weis <steveweis at gmail.com> wrote:
> Hi Maxim. There was a man-in-the-middle attack against Telegram's
> algorithm published back in December:
> http://habrahabr.ru/post/206900/ (Russian)
That's interesting, thanks. I now remember reading that writeup at the
time, as well.
> If I understand the translation of this link, Telegram gave him
> $100,000 for the break:
> http://vk.com/wall-52630202_7858 (Russian)
Yes, Pavel Durov gave him the money, sort of outside the contest.
> That's an expensive crypto lesson, but apparently Telegram put their
> money where their mouth is.
Exactly, that's something to respect. This approach also goes both
ways — note how Durov refers to “respectable American cryptographers
on HackerNews” with contempt, as contrasted with some guy who got his
hands dirty. Words are cheap.
All I see is snobbishness of people who have typical Western fear of
steering from “authorized” engineering approaches. The people are
quick to judge some unknown foreign developers incompetent, whereas,
for instance, a company like Google didn't even manage to properly fix
their Android security fiasco, for instance — they still ship the
garbage PRNG code, because apparently no one there can understand how
that code (which they copied as-is from another project without any
tests) works, or is integrated into anything.  Yet, Google products
(like chat) are often recommended as secure enough for activists.
Liberté Linux: http://dee.su/liberte
More information about the liberationtech