On Apr 2, 2014 2:58 PM, "Maxim Kammerer" <m...@dee.su> wrote:
>
> On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <stevew...@gmail.com> wrote:
> > As an epilogue, the Telegram client misused a non-secure random number
> > generator mrand48 for the keys used in their contest. A student, Thijs
> > Alkemade, was able to recover their keys and decrypt the contest
> > message transcripts:
> >
> > https://blog.thijsalkema.de/blog/2014/04/02/breaking-half-of-the-telegram-contest/
>
> Seriously... He took the secret server-side keys published
> post-contest, and recovered the secret chat key (also published) by
> exploiting a randomness bug that has been fixed shortly after the
> contest began.

Maxim does point out some important details:
1. This was an unofficial client that nonetheless was used for the contest.
2. The RNG bug was already fixed, but was live in the context of the
contest.
3. Thijs used the post-contest published server keys as a shortcut.

Regardless, I think if someone had noticed the flaw sooner, they could have
recovered the 48 bits of LCG state and won the contest.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
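The point about the 48-bit LCG state in the message above, as an added worked example that is not part of the thread, not Thijs Alkemade's code and not the Telegram client's code: mrand48() is the POSIX drand48-family generator, X_{n+1} = (0x5DEECE66D * X_n + 0xB) mod 2^48, and each call returns the top 32 bits of the new state. An observer therefore already knows 32 of the 48 state bits from a single output; the remaining 16 bits are found by trying all 65536 values against the next output, after which every later (and, by inverting the LCG, every earlier) output is determined. The code below runs that recovery against the real libc mrand48() and checks its predictions. The function names, the sample seeds and the use of three outputs for confirmation are choices made for this example.

```c
#define _XOPEN_SOURCE 700   /* expose srand48/mrand48 under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Prototypes repeated so the example also builds where stdlib.h hides them. */
long mrand48(void);
void srand48(long seedval);

/* POSIX drand48-family parameters: X_{n+1} = (a*X_n + c) mod 2^48. */
#define LCG_A    0x5DEECE66DULL
#define LCG_C    0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

static uint64_t lcg_step(uint64_t x)
{
    return (LCG_A * x + LCG_C) & LCG_MASK;
}

/* mrand48() returns the high 32 bits of the new 48-bit state, as a signed value. */
static int32_t output_from_state(uint64_t x)
{
    return (int32_t)(uint32_t)(x >> 16);
}

/* Recover the generator state from three consecutive mrand48() outputs.
 * o1 already reveals 32 of the 48 state bits, so only the low 16 bits are
 * unknown: 65536 guesses, each checked against o2 and o3 (the third output
 * rejects the rare false candidate). On success stores the state that
 * produced o3 in *state (step it to get the next output) and returns 1. */
int recover_state(int32_t o1, int32_t o2, int32_t o3, uint64_t *state)
{
    uint64_t high = (uint64_t)(uint32_t)o1 << 16;
    for (uint32_t low = 0; low < 0x10000; low++) {
        uint64_t x1 = high | low;
        uint64_t x2 = lcg_step(x1);
        if (output_from_state(x2) != o2)
            continue;
        uint64_t x3 = lcg_step(x2);
        if (output_from_state(x3) != o3)
            continue;
        *state = x3;
        return 1;
    }
    return 0;
}

/* Produce the next n outputs the generator will emit from a recovered state. */
void predict_outputs(uint64_t state, int32_t *out, int n)
{
    for (int i = 0; i < n; i++) {
        state = lcg_step(state);
        out[i] = output_from_state(state);
    }
}

/* Attacker's view: the seed is secret, but three observed outputs are
 * enough to predict every later one. Returns 1 if the next 8 real
 * mrand48() values match the prediction, 0 otherwise. */
int demo_predicts_libc_mrand48(long secret_seed)
{
    srand48(secret_seed);
    int32_t o1 = (int32_t)mrand48();
    int32_t o2 = (int32_t)mrand48();
    int32_t o3 = (int32_t)mrand48();

    uint64_t state;
    if (!recover_state(o1, o2, o3, &state))
        return 0;

    int32_t predicted[8];
    predict_outputs(state, predicted, 8);
    for (int i = 0; i < 8; i++) {
        if ((int32_t)mrand48() != predicted[i])
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample seeds; an attacker never needs to know them. */
    long seeds[] = { 1L, 20140402L, 0x7fffffffL };
    for (size_t i = 0; i < sizeof seeds / sizeof seeds[0]; i++)
        printf("seed %ld: prediction %s\n", seeds[i],
               demo_predicts_libc_mrand48(seeds[i]) ? "matches" : "FAILED");
    return 0;
}
```

The search is 65536 LCG steps, i.e. microseconds, which is why "48 bits of state" is no barrier here: the generator hands 32 of them to the observer for free. Anything that derives a key from mrand48(), lrand48() or drand48() output is recoverable from a handful of observed values, whatever the seed; the fix is a CSPRNG, not a bigger seed.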
