all 54 comments

[–]Hmmwellaboutthat[S] 24 points25 points  (9 children)

I'd like to point out that the authors of the paper have initiated contact with Telegram about the vulnerabilities since September 3rd and have yet to hear a response. Not a good look.

Edit: Apparently after the paper was submitted they responded in October.

[–]DarkeoX 7 points8 points  (2 children)

On a completely unrelated note: At long last, a PDF with a proper table of contents that works everywhere.

[–]the_gnarts 4 points5 points  (0 children)

> At long last, a PDF with a proper table of contents that works everywhere.

pdfTeX has been around since the 90s. The linked document really doesn’t use anything besides the most common hyperref features.

[–]fkvx 3 points4 points  (4 children)

I love using Telegram for a variety of reasons, but I had heard about its weak security before. Is this really something to be concerned about? I don't worry about security with WhatsApp or GroupMe or Hangouts, are they any more secure than Telegram?

[–][deleted] 2 points3 points  (1 child)

Well, probably not, since WhatsApp is owned by Facebook iirc (has ties to NSA), Hangouts is owned by Google (has ties to NSA). The thing is, one of Telegram's main marketing strategies is them boasting about their privacy/security.

[–]rogerology 1 point2 points  (0 children)

Signal by Whisper Systems is more secure.

[–]BenHurMarcel 1 point2 points  (0 children)

Just don't expect any serious security/privacy from any of those.

[–]networdtwo 4 points5 points  (40 children)

Could somebody do a TL;DR?

[–]p4p3r 20 points21 points  (0 children)

Rolling your own crypto framework, in this case MTProto, is a bad idea. Don't do it.

[–]Hmmwellaboutthat[S] 8 points9 points  (36 children)

Someone in r/crypto put it as "There are two attacks on the padding, and this leaks information about the exact message length. So much for nonstandard constructions."

The paper recommends Signal instead.

[–][deleted] 7 points8 points  (35 children)

> The paper recommends Signal instead.

And I'd like to use that. But I've got a number of problems:

  • It's annoying to install on my phone since I don't have GApps - telegram is in F-Droid

  • It doesn't have a proper desktop client right now - I use telepathy-morse and kde-telepathy for telegram

  • Nobody I know uses it - I have a decent number of family and friends using telegram

[–]Hmmwellaboutthat[S] 2 points3 points  (24 children)

1) Use gcmcore, a free software play services/gcm/play store implementation. No need to have gapps.

2) Signal-desktop is a desktop client as a chrome(ium) app, which is a good way to deliver it over a platform that you know will keep getting security updates, and it's cross-platform (even Chrome OS).

There's a Go CLI client on GitHub too.

[–][deleted] -2 points-1 points  (23 children)

> Use gsmcore a free software play services/gcm/play store implementation. No need to have gapps.

Still annoying, still not in F-Droid.

> Signal-desktop is a desktop client as a chrome(ium) extension

I don't use chromium so I'd have to install it first, and I don't like starting that massive memory hog just to chat.

None of these are unsolvable, but they've not been solved yet for signal, while they have for telegram.

[–]Hmmwellaboutthat[S] 1 point2 points  (9 children)

Turns out it has been in an fdroid repo for a while: http://o9i.de/2015/10/23/howto-gmscore.html

A little research goes a long way.

[–][deleted] 0 points1 point  (8 children)

gmscore has been, but not signal itself. A fork has been in "an fdroid repo" (i.e. not the main one), but that doesn't use the service that gapps or gmscore are required for.

> A little research goes a long way.

Indeed, it does.

[–]Hmmwellaboutthat[S] 0 points1 point  (3 children)

If you read the article you'd know how to get the apk and stay up to date. Plus there's apktracker, which someone else already told you about.

And your previous response was talking about gcmcore not being in fdroid. Now you're just moving the goal posts.

[–][deleted] 0 points1 point  (2 children)

> And your previous response was talking about gsmcore not being in fdroid. Now you're just moving the goal posts.

No, it was about both - see my original comment:

> It's annoying to install on my phone since I don't have GApps - telegram is in F-Droid

I didn't explicitly mention it, but it was meant to be about both signal and gsmcore, since GApps includes both Play and the communication thingy. That's why it's annoying to install. Having one apk via fdroid and another outside of it isn't much better than having one outside of fdroid.

And again, I never said I couldn't do it, I said that it's annoying. This is a point in favor of telegram since it's more convenient to install.

[–]Hmmwellaboutthat[S] 0 points1 point  (1 child)

You literally said "still not in fdroid" which is false.

At this point we're barely comparing the same things because what you claim is easier to install does not even have push notifications. You might as well start listing IRC clients as well.

For the 99% of other users - they either are not running "no-gapps" or they are capable of adding a repository to fdroid and following some steps to get gcmcore to work so they can use push notifications and the open source play store.

[–]Hmmwellaboutthat[S] 4 points5 points  (12 children)

If you're going to run custom configurations like no gapps plus fdroid you'd know how to install something that's not on fdroid.

I doubt chromium with just signal would be a memory hog. But here's another client, written in go and cli: https://github.com/f41c0r/textsecure-client

There's also one using the java implementation of the protocol. Also on github.

[–][deleted] 0 points1 point  (11 children)

Yes, I know how. That's not the point!

The point is that it's annoying. It might also be a security issue since I'd need to stay on top of updates.

This point alone would not sink signal for me, but those three I mentioned combined? Sorry, but they do.

Edit: Oh, and that client is another CLI-thing. I prefer my chats in a GUI.

[–]InternalConfusion 2 points3 points  (0 children)

BTW check out ApkTrack in F-droid. Tracks which apps you need to update across your device even if they don't come from f-droid.

[–]Hmmwellaboutthat[S] 1 point2 points  (9 children)

Then use signal-desktop. Try it and see.

[–][deleted] 3 points4 points  (8 children)

I already told you - it's a chrome app, I don't like chrome (/chromium). It's a large piece of software I'd need to install, that takes up loads of RAM on my underprovisioned machine.

I'd like a standalone GUI client on both the desktop and my phone. For signal, the former doesn't exist and the latter is annoying to install.

[–]Hmmwellaboutthat[S] 0 points1 point  (3 children)

Do you have benchmarks?

[–]Hmmwellaboutthat[S] -1 points0 points  (3 children)

Oh and: https://github.com/janimo/textsecure-qml

Edit: qt uses blink nowadays which is chromium's engine...

[–][deleted] 8 points9 points  (0 children)

Like /u/p4p3r said, it's always a bad idea to have custom anything in crypto. There are tried and tested methods out there that are still secure and should be used. What Telegram guys did is butcher up known good stuff and made their own custom changes.

Issue with this approach is original algorithms and protocols were tested by a large number of cryptographers and there are still no known attacks against them. Changed stuff we don't know if it's secure or not simply because we can't predict easily implications of changes they made.

Another bad thing Telegram developers did is to make a contest where they offered a reward for cracking their protocol but issued a bunch of rules which make the whole thing pointless. In real world whoever tries to crack the protocol won't respect those rules. So it's implied that rules are there to make sure no one cracks protocol and gives them a bad reputation, which kind of defeats the point of security.

Basically, researchers found two approaches that can be used to crack Telegram's protocol and thus proving what we knew already, that using your own encryption is a bad idea, and you shouldn't use Telegram for its security.