Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As long as the clients are open-source and the encryption is end to end, can't it really be verified?

Whatever the server, if the client encryption is reliable, data can't be read on the server side.



  if the client encryption is reliable
It's not[1].

[1]: https://eprint.iacr.org/2015/1177.pdf


It is not, or was not? Did this issue get rectified by Telegram?


No, they still use MTProto and not an AEAD construction.


I was referring to the padding attack. Did they patch this?

And are there any property of MTProto that makes it infeasible to replace AES IGE in a later revision of the protocol?


The problem isn't IGE. It's that they're using SHA1 (not HMAC-SHA1) in a "MAC and Encrypt" construction.


Its still their own crypto. Even if you have the code, their could be a mathematical weakness that is unknwon to anybody outside the company. The protocol has not been studied a lot.


Has anyone offer to fund an audit of the code/crypto/workflow? If not, it'd be nice Moxie would spec out a public request for funds via some sort of crowdfunding and means to post public offers to audit the code based on the funds raised.


Moxie has asked them multible times but they dont seem to care.


Oh, interesting, not a huge suprise, though guess I wasn't clear, I was talking about auditing the open source stuff, not Facebook.

Basically, crowdfunded audits of open source crypto tech have been done before; I'd be up for helping with this if it made sense, since currently my sec dev skill are not that useful:

https://www.indiegogo.com/projects/the-truecrypt-audit#/

--

Might be worth funding a exploitable bug bounty too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: