On Wed, Apr 2, 2014 at 6:34 PM, Steve Weis <[email protected]> wrote:
> Regardless, I think if someone had noticed the flaw sooner, they could > have recovered the 48-bits of LCG state and won the contest. > The insidious thing the Telegram developers continue to do is point to the fact nobody one their contest as evidence the software is secure while downplaying the fact that multiple security vulnerabilities were found and they paid out $100,000. The contest is silly and irrelevant, but it is successful marketing. The New York Times reported on March 19th, 2014: http://bits.blogs.nytimes.com/2014/03/19/can-you-trust-secure-messaging-apps/ "In the first contest, which ended March 1, no one managed to crack the encryption." This despite the fact that serious vulnerabilities were discovered in 2013. Telegram is utilizing the "contests" as talking points for successful marketing, while managing to keep the serious flaws in the design and the security vulnerabilities that have been discovered out of the public eye. As a security practitioner I consider this sort of behavior disgraceful and unbecoming of the developers of cryptography software. -- Tony Arcieri
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
