[smc-discuss] [x-post] Telegram is not secure

Pirate Praveen praveen at onenetbeyond.org
Fri Dec 11 09:45:01 PST 2015


Telegram is a popular messaging app which supports end-to-end encrypted
communication. In Spring 2015 we performed an audit of Telegram's source
code. This short paper summarizes our findings.

Our main discovery is that the symmetric encryption scheme used in
Telegram -- known as MTProto -- is not IND-CCA secure, since it is
possible to turn any ciphertext into a different ciphertext that
decrypts to the same message.

We stress that this is a theoretical attack on the definition of
security and we do not see any way of turning the attack into a full
plaintext-recovery attack. At the same time, we see no reason why one
should use a less secure encryption scheme when more secure (and at
least as efficient) solutions exist.

The take-home message (once again) is that well-studied, provably
secure encryption schemes that achieve strong definitions of security
(e.g., authenticated-encryption) are to be preferred to home-brewed
encryption schemes.


https://eprint.iacr.org/2015/1177

This would be a good time to try kontalk, which uses well-tested gpg
encryption.
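An added worked example, not code from the post, the paper, or Telegram: a toy scheme in Python with exactly the property the abstract describes (a ciphertext can be turned into a different ciphertext that decrypts to the same message, so an IND-CCA adversary wins with certainty), placed next to an encrypt-then-MAC variant that rejects the altered ciphertext. Everything below is an assumption for illustration rather than something the post states: the block cipher is a 4-round Feistel toy built on SHA-256 instead of AES, the mode is IGE, the plaintext carries a length prefix plus random padding that always fills the final block, and in the weak scheme the integrity tag covers only the message and not the padding. Whether MTProto's padding and key layout match this toy is not established by the post; the point is the IND-CCA argument, not Telegram's wire format.

```python
import hashlib
import hmac
import os
from typing import Optional

BLOCK = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function; assumption: toy cipher standing in for AES
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on a 16-byte block (toy, not AES)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def ige_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """IGE mode: c_i = E(p_i ^ c_{i-1}) ^ p_{i-1}, with iv = c_0 || p_0."""
    c_prev, p_prev, out = iv[:BLOCK], iv[BLOCK:], []
    for i in range(0, len(data), BLOCK):
        p = data[i:i + BLOCK]
        c = xor(block_encrypt(key, xor(p, c_prev)), p_prev)
        out.append(c)
        c_prev, p_prev = c, p
    return b"".join(out)

def ige_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """p_i = D(c_i ^ p_{i-1}) ^ c_{i-1}. Altering c_n garbles p_n and every
    later block but no earlier one, so altering the last block touches only p_n."""
    c_prev, p_prev, out = iv[:BLOCK], iv[BLOCK:], []
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        p = xor(block_decrypt(key, xor(c, p_prev)), c_prev)
        out.append(p)
        c_prev, p_prev = c, p
    return b"".join(out)

def _pad(msg: bytes) -> bytes:
    """4-byte length || msg || random fill to a block boundary || one more
    random block, so the final plaintext block never holds message bytes."""
    body = len(msg).to_bytes(4, "big") + msg
    return body + os.urandom((-len(body)) % BLOCK + BLOCK)

def _unpad(data: bytes) -> bytes:
    return data[4:4 + int.from_bytes(data[:4], "big")]

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def encrypt_weak(key: bytes, msg: bytes) -> bytes:
    """Weak: tag over the message only; the padding is encrypted but never authenticated."""
    iv = os.urandom(2 * BLOCK)
    return _tag(key, msg) + iv + ige_encrypt(key, iv, _pad(msg))

def decrypt_weak(key: bytes, ct: bytes) -> Optional[bytes]:
    tag, iv, body = ct[:16], ct[16:48], ct[48:]
    msg = _unpad(ige_decrypt(key, iv, body))
    return msg if hmac.compare_digest(tag, _tag(key, msg)) else None

def encrypt_ae(key: bytes, msg: bytes) -> bytes:
    """Hardened: encrypt-then-MAC, the tag covers the iv and every ciphertext byte."""
    iv = os.urandom(2 * BLOCK)
    body = iv + ige_encrypt(key, iv, _pad(msg))
    return _tag(key, body) + body

def decrypt_ae(key: bytes, ct: bytes) -> Optional[bytes]:
    tag, body = ct[:16], ct[16:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None
    return _unpad(ige_decrypt(key, body[:2 * BLOCK], body[2 * BLOCK:]))

def forge(ct: bytes) -> bytes:
    """Flip one bit in the last ciphertext block: a ciphertext that differs from the original."""
    return ct[:-1] + bytes([ct[-1] ^ 0x01])

def cca_distinguish(key: bytes, encrypt, decrypt) -> bool:
    """One round of the IND-CCA game: challenge c* = Enc(m_b), one decryption
    query on forge(c*) != c*, then a guess. Returns True if the guess equals b."""
    m0, m1 = b"attack at dawn", b"attack at dusk"   # constructed challenge messages
    b = os.urandom(1)[0] & 1
    m = decrypt(key, forge(encrypt(key, [m0, m1][b])))
    return (1 if m == m1 else 0) == b

def demo(key: bytes = b"k" * 32, msg: bytes = b"attack at dawn") -> dict:
    """Same forgery against both schemes; key and msg are constructed sample input."""
    return {
        "weak_forgery_keeps_msg": decrypt_weak(key, forge(encrypt_weak(key, msg))) == msg,
        "weak_cca_always_wins": all(cca_distinguish(key, encrypt_weak, decrypt_weak)
                                    for _ in range(32)),
        "ae_roundtrip": decrypt_ae(key, encrypt_ae(key, msg)) == msg,
        "ae_forgery_rejected": decrypt_ae(key, forge(encrypt_ae(key, msg))) is None,
    }
```

Calling demo() shows the two halves of the argument: in the weak scheme, flipping a bit in the last ciphertext block garbles only the last plaintext block, which is all padding, so decrypt_weak still returns the original message and the tag still verifies; an IND-CCA adversary that submits the altered ciphertext as a decryption query (legal, since it differs from the challenge) learns b every time. In the encrypt-then-MAC variant the same forgery fails the tag check before anything is decrypted, which is the "authenticated encryption" the abstract recommends.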
