SPOILER ALERT: not
In 2014, amid warnings of security flaws in WhatsApp, an application relatively new call
For months, many security experts have said that encryption is flawed Telegram . A few days ago, Edward Snowden made public its concerns regarding the security protocols default of Telegram.
The issue arises from the fact that Telegram has two types of chats, one called “cloud”, which is the chat by default and the only way in which they can be having group discussions, and secretly chat . Messages conversations in the cloud are encrypted MTProto an open source protocol developed by Telegram independently and from scratch, which is already a big “no” security. But the real problem arises from the flow of the encryption process:
This means that messages are encrypted before send to servers Telegram. But the problem, as Moxie Marlinspike, a security researcher notes associated with Open Whispersystems has said
“Stored under strong encryption” is [an expression] intentionally misleading. The ciphertext with the keys stored in plain text plain text (…) To say that the messages are “hard coded” implies that they are somehow protected, but are not, because the keys are stored with them.
Even if the message is stored encrypted, server has the ability to decrypt the message and read it as plain text . As Snowden says:
To be clear, what matters is that the plain text of the message is available to the server (or service provider), not if is “stored”.
To Telegram, you need to make messages accessible on different devices and different platforms , for example the desktop application, and this It is the reason why you need to store the keys on their servers. However, the defense argues Telegram data is encrypted and the keys are stored in different data centers.
And what about the reward of $ 200,000?
In response to community concerns cybersecurity Telegram responded with a contest cryptography allegation which is usually the standard answer Defenders who do not understand the application security flaws: no one has won the $ 200,000 reward offered by Telegram those who might break your encryption. However, as Marlinspike says, the way in which the competition is focused means not face the doubts and concerns that have been raised. The contest Telegram not raise chances of an attack man-in-the-middle, among other potential attacks or security breaches. To be unbreakable in the terms in which it is raised, is used as proof that the protocol is unbreakable, which is a logical fallacy.
The secret chat Telegram (based on MTProto) is encrypted end to-end encryption and keys are stored by the participants in the conversation. For this reason, is only available on the device where you started this conversation, and is not synchronized with other devices . However, this is a design decision, and is not intrinsically indispensable as Signal recently released its beta desktop and it synchronizes encrypted messages. Moreover, today Telegram is not particularly safer than, for example, conversations between two people in WhatsApp, using Encryption point to point .
Anyway, if you have any reason to require that your messaging is really private and secure, the best alternative Today is Signal , currently available for iOS and Android and its beta desktop version . Signal encrypts all messages sent over the network-individual, group, and voice calls if all users are using the application involved.
December 24, 2015
- ← Those little genius of Google: How to Use a spirit level from the web browser
- 13 applications for Android that I (re) discovered in 2015 and are now indispensable to me →