On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <[email protected]> wrote:
> As an epilogue, the Telegram client misused a non-secure random number
> generator mrand48 for the keys used in their contest. A student, Thijs
> Alkemade, was able to recover their keys and decrypt the contest
> message transcripts:
> https://blog.thijsalkema.de/blog/2014/04/02/breaking-half-of-the-telegram-contest/
Seriously... He took the secret server-side keys published post-contest, and recovered the secret chat key (also published) by exploiting a randomness bug that was fixed shortly after the contest began. Moxie had the same randomness problem in his TextSecure code [1]; does he also "suck at this", to quote this student? Or does blindly relying on someone else's POS code and primitives suddenly absolve one of responsibility for one's own software quality? Because that's essentially the spirit that I observe in Telegram's criticism.

[1] https://github.com/WhisperSystems/TextSecure/commit/b14d9d84

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
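The thread above is about mrand48() being used as a source of key material. As an added example (not code from Telegram, TextSecure, or Thijs Alkemade's write-up), the following C program shows concretely why that is fatal: mrand48() is the 48-bit linear congruential generator specified by POSIX (X[n+1] = 0x5DEECE66D * X[n] + 0xB mod 2^48, output = high 32 bits of the state), reimplemented here so it runs without the libc function. The "key generation" routine, the seed value and the search window are all constructed for illustration; the two recovery routines are generic. Given any two consecutive 32-bit outputs, only the 16 hidden low bits of the state are unknown, so 65536 guesses recover the full state and every later output; if the seed is a timestamp, a few thousand srand48() candidates recover it outright.

```c
/* rand48_attack.c: recovering "keys" drawn from mrand48().
 * Added example; the LCG parameters follow the POSIX rand48 specification,
 * everything else (key layout, seed, window) is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define R48_A    0x5DEECE66DULL          /* multiplier a */
#define R48_C    0xBULL                  /* increment  c */
#define R48_MASK ((1ULL << 48) - 1)      /* state is 48 bits wide */

typedef struct { uint64_t x; } r48_t;

/* srand48(seed): state = seed in the high 32 bits, 0x330E in the low 16 */
static void r48_seed(r48_t *g, uint32_t seed) {
    g->x = ((uint64_t)seed << 16) | 0x330EULL;
}

/* mrand48(): advance the state, return its high 32 bits */
static uint32_t r48_mrand(r48_t *g) {
    g->x = (R48_A * g->x + R48_C) & R48_MASK;
    return (uint32_t)(g->x >> 16);
}

/* Hypothetical victim: a 128-bit key built from four mrand48() outputs,
 * seeded the way careless code often does it, with a timestamp. */
void gen_key_with_mrand48(uint32_t seed, uint32_t key[4]) {
    r48_t g;
    r48_seed(&g, seed);
    for (int i = 0; i < 4; i++) key[i] = r48_mrand(&g);
}

/* Recover the full 48-bit state from two consecutive outputs o1, o2.
 * After emitting o1 the state is (o1 << 16) | low16, so only 2^16
 * candidates exist; the one that produces o2 next is the real state.
 * Returns the number of consistent candidates (1 in practice). */
int recover_state(uint32_t o1, uint32_t o2, uint64_t *state_out) {
    int found = 0;
    for (uint32_t lo = 0; lo < 0x10000; lo++) {
        r48_t g = { ((uint64_t)o1 << 16) | lo };
        if (r48_mrand(&g) == o2) { *state_out = g.x; found++; }
    }
    return found;
}

/* Given the first 8 bytes of such a key, predict the remaining 8.
 * Returns 1 on success and fills out[0..3]. */
int predict_key(uint32_t o1, uint32_t o2, uint32_t out[4]) {
    uint64_t st;
    if (recover_state(o1, o2, &st) != 1) return 0;
    r48_t g = { st };                 /* state right after o2 was produced */
    out[0] = o1; out[1] = o2;
    out[2] = r48_mrand(&g);
    out[3] = r48_mrand(&g);
    return 1;
}

/* If the seed was a timestamp, brute-force srand48() over [lo, hi]. */
int recover_seed(uint32_t o1, uint32_t o2, uint32_t lo, uint32_t hi,
                 uint32_t *seed_out) {
    for (uint32_t s = lo; s <= hi; s++) {
        r48_t g;
        r48_seed(&g, s);
        if (r48_mrand(&g) == o1 && r48_mrand(&g) == o2) { *seed_out = s; return 1; }
    }
    return 0;
}

int main(void) {
    uint32_t key[4], pred[4], seed;
    uint32_t t = 1396477980u;          /* constructed: a time(NULL) value from April 2014 */
    gen_key_with_mrand48(t, key);
    if (predict_key(key[0], key[1], pred))
        printf("from 8 known key bytes, predicted words %08x %08x (actual %08x %08x)\n",
               pred[2], pred[3], key[2], key[3]);
    if (recover_seed(key[0], key[1], t - 3600, t + 3600, &seed))
        printf("seed recovered from a one-hour window: %u\n", seed);
    return 0;
}
```

The point a practitioner should take from this is that mrand48() has at most 48 bits of state and leaks 32 of them per call; no amount of post-processing turns that into a key. Key material must come from the platform CSPRNG (/dev/urandom, getrandom(2), SecureRandom), and the seed-recovery loop above is the one-line check you run against any code that seeds a PRNG from the clock.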
