Hi Maxim. There was a man-in-the-middle attack against Telegram's algorithm published back in December: http://habrahabr.ru/post/206900/ (Russian)
English Google translated: http://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/ If I understand the translation of this link, Telegram gave him $100,000 for the break: http://vk.com/wall-52630202_7858 (Russian) That's an expensive crypto lesson, but apparently Telegram put their money where their mouth is. On Thu, Feb 20, 2014 at 1:57 PM, Maxim Kammerer <m...@dee.su> wrote: > > On Thu, Feb 20, 2014 at 8:38 PM, Tony Arcieri <basc...@gmail.com> wrote: > > Their "contest" is a farce: > > It's total snake oil. They created a bespoke encryption scheme rather than > > using off-the-shelf components like MACs or (EC)IES. Avoid avoid. > > Go ahead and describe an attack, then, I'm sure Pavel Durov (creator > of VK, who originated this project on ideological principles) will > take care of the issues, if any. The protocol is open, and the > security trade-offs are outlined in the FAQ [1]. Not using > off-the-shelf components is not an argument, since the project is > apparently not developed by some hobbyists learning about crypto. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
