Telegram is very young project and it has bugs for sure. Some guy found potential issue in protocol and developers committed to fix it soon. There is no information that any messages were revealed due to this bug but Telegram should go away and developers should do something else.
Whatsapp is less secure than Telegram but I have not seen “Whatsapp RIP” messages. Not so hard to save videos in snapchat but no one proposes to close the application. About a year ago YAML vulnerability was found but no one proposed dhh to stop development and focus on race driver career.
I think that we need more competition for TextSecure.
Terms of bug bounty are very hard to satisfy even with bad protocol but Durov seems decided to play safe with such amount of money. Guy that found problem in MTproto doesn’t win money according to conditions of the bug bounty because message is not decrypted.
Disclaimer: I don’t have any affiliation with telegram besides living in the same city as telegram developers.
You must not have followed Telegram much. From the beginning they've done nothing but pretend their protocol is absolutely secure ("military-grade encryption", "world's most secure protocol", etc) and rejected any attempt from the crypto community to help them fix problems before they endanger people.
So, let's put it this way: Was it ok of them to lie through their teeth to users? If so, then that's a sad state of marketing. If not, then what are you proposing here?
- world's most secure protocol – I’d consider this statement as false, I don’t know what they mean by most secure and what protocols were considered. Maybe messengers available at app store, better to ask them
Why do you think that they “rejected any attempt from the crypto community to help them”, especially after bug bounty proposition?
Why do you think that they lie more than TextSecure advocates? Each of these messengers is safe to passive listening. But unsecure to similar degree if user downloads them from app store and runs on hardware and software that could be easily patched. Current implementation of telegram api is prone to MiM attack but I would not consider TextSecure completely safe app and that every other app should be thrown out.
It's an interesting contrast in cultures that you phrase it like "Why do you think Telegram lies more than TextSecure advocates?" .... As far as I'm aware, TextSecure advocates haven't lied at all. TextSecure's interest is in security, whereas Telegram's interest seems to be in money and power.
> Current implementation of telegram api is prone to MiM attack but I would not consider TextSecure completely safe app
I just don't know what to say to this. Telegram has been proven insecure, TextSecure hasn't. Telegram isn't designed by cryptographers, TextSecure is. There is absolutely every reason to assume Telegram is broken.
> Each of these messengers is safe to passive listening.
This is mistaken because Telegram has been proven vulnerable to MITM attacks. Even after they patch this latest security problem, it would be very unwise to trust them.
> Current implementation of telegram api is prone to MiM attack but I would not consider TextSecure completely safe app
> I just don't know what to say to this. Telegram has been proven insecure, TextSecure hasn't. Telegram isn't designed by cryptographers, TextSecure is. There is absolutely every reason to assume Telegram is broken.
TextSecure is designed by cryptographers, and hasn't been broken yet, but that doesn't mean that it is secure. People need to risk assess when they're using any software.
> If you want to be secure from the NSA, use TextSecure [...]. It's really that simple.
That claim is far too confident! If you want to be secure from NSA you need to do many things - have a look at the specifications for buildings that handle secret documents for example, as well as just using a piece of well designed but relatively untested software.
Most people do not have nearly enough operational discipline to withstand investigation by well funded government agencies. Merely using this software is not enough.
> If you want to be secure from the NSA, use TextSecure [...]. It's really that simple.
> That claim is far too confident! If you want to be secure from NSA you need to do many things - have a look at the specifications for buildings that handle secret documents for example, as well as just using a piece of well designed but relatively untested software.
That's why I removed it 15 seconds after I wrote it. But perhaps it could be downgraded to "if you want to live in a world where it's very difficult for governments to vacuum up all your data by default, then use TextSecure, because it's the first step towards that." Telegram offers no such protection since it's vulnerable to MITM attacks (even after they fix this one).
If you rely on a single secure (for certain values of the word 'secure') messaging system or protocol you're absolutely insane. You'd want to be splitting your communication across multiple communication sources, with none of them ever seeing enough data to compromise whatever it is you're worried about. Deep and computationally expensive is great; deep, computationally expensive and broad is better. If one form (e.g. Telegraph) falls they've not got the full message, and they've still got a lot more work to do to get the whole thing.
Telegram seems to be interested in money and power because they've turned down offers from Moxie (the creator of TextSecure and a well-known cryptographer) to join forces. There's no reason to do that unless they were interested in money or power more than security.
I didn't say TextSecure is completely safe. I said Telegram has been demonstrated to be broken.
Telegram is prone to passive listening because their design doesn't prevent it. There's nothing stopping someone from MITM'ing every Telegram secret chat when it's first initiated. It's in the design.
Their contest means nothing, because due to the way the contest is designed, it's impossible to MITM or other side channel attacks like timing attacks. These are the real attack vectors, yet the format of the contest prevents anyone from employing them.
>Telegram seems to be interested in money and power because they've turned down offers from Moxie (the creator of TextSecure and a well-known cryptographer) to join forces.
Is there a cause-effect relationship I'm missing here?
Yes you do. "TextSecure completely safe app" was copied from your message before you or someone else edited it. I've not typed it but copied exact phrase from your message.
You seem to be missing the larger point. Nobody is proposing that secure messaging apps should not exist. Everyone is better when more people try, iterate and fail (then recover and fix) to create secure messaging solutions.
What's unsafe and unproductive is when bozos jump in the pool, apparently ignorant or otherwise misrepresentative of the reality of how difficult it is to create a correct solution -- and confidently declare their implementations to be trustable.
If the messaging on Telegram had been, the world needs a secure messaging solution and we're committed to building it starting with this thing which we think is pretty good for XYZ, nobody would be objecting. Instead, these guys presented themselves as having solved a problem which is known to be difficult, and moreover using an unlikely method.
Snapchat creators claim (at least imply) that messages could not be saved which is untrue.
Most advice to Telegram developers in the previous HN discussion was to stop doing crypto and do something else. I would not consider it “gentle advice”. The only help from the community to their application is the bug report from user x7mz of the habrahabr site.
Crypto is life and death. I have spent a lot of years learning it as a hobby... It's a dangerous field to play in. It's super complex, and all it takes is one tiny mistake anywhere in the program (be it at the protocol level or implementation) and then bam: game over. So, when you release something, you are nervous about it. Telegram wasn't, and as it turns out, they should have been. That is bad.
Thank you yatsyk, I share your opinion. The app name is really great. I hope they fix it and come back with a stronger app.
I would suggest they hire security consultants to check the security in a first stage. Review by third parties is the best method to avoid things we overlooked. The prize should be for after all these consultancy options have been exhausted.
As a side note I see there is still a lot of room to improve automatic translation. It's difficult to understand in some places.
Everyone who has been criticising Telegram would actually love for them to do what you've suggested. We want good, secure encrypted messaging. Telegram is not it, and people are worried, as their actions so far smack far too much of a project that ignores best practices...
In the crypto world, projects like Telegram have popped up over and over again. A new protocol, designed by non cryptographers, that turns out to be heavily insecure. I wish that wasn't the case, but that is why people have reacted the way that we have. This is literally life and death, so it pays to be cautious.
I hope Telegram learn from all this, and go and get audited and tested by reputable experts. Then, fix all the issues raised. Then release their apps to the public, when they are proven secure. Until that time I personally will not trust their application.
>Terms of bug bounty are very hard to satisfy even with bad protocol but Durov seems decided to play safe with such amount of money. Guy that found problem in MTproto doesn’t win money according to conditions of the bug bounty because message is not decrypted.
At first my statement is still valid even after Durov decided to pay for bug report. This bug report has no connection with extracting plain message I've written.
Apart from that I can't check Durov's posts that are from the future. My post was written before Durov's announcement.
Technically you're right. I thought that “decided” wasn't the right word to use before you give him a chance to decide. In other words, I read your post as conveying the idea that Pavel actively dismissed the bug report as unworthy of rewarding, when in fact the opposite was true. Perhaps I misread your post being a non-native English speaker. Apologies for that.
It's impossible to tell whether any messages were revealed due to this bug - that's what makes it so nasty. Users would have had the same level of security if Telegram had no end to end encryption whatsoever and simply promised they wouldn't log or read the messages they had access to; it's seriously that broken. (Worse, there's a good chance this is an intentional backdoor since the way they combine the nonce and Diffie-Hellman result is incredibly fishy.)
you don't go tell you got the best thing in the world while it's just another random thing that doesn't do what you say - it's just for fame/ego/money - without getting hateful feedback.