[liberationtech] About Telegram
Maxim Kammerer
mk at dee.su
Wed Apr 2 14:57:48 PDT 2014
On Wed, Apr 2, 2014 at 10:33 PM, Steve Weis <steveweis at gmail.com> wrote:
> As an epilogue, the Telegram client misused a non-secure random number
> generator mrand48 for the keys used in their contest. A student, Thijs
> Alkemade, was able to recover their keys and decrypt the contest
> message transcripts:
> https://blog.thijsalkema.de/blog/2014/04/02/breaking-half-of-the-telegram-contest/
Seriously... He took the secret server-side keys published
post-contest, and recovered the secret chat key (also published) by
exploiting a randomness bug that has been fixed shortly after the
context began. Moxie had the same randomness problem in his TextSecure
code [1] — does he also “suck at this”, to quote this student? Or does
blindly relying on someone else's POS code and primitives suddenly
absolve one of responsibility for one's own software quality? Because
that's essentially the spirit that I observe in Telegram's criticism.
[1] https://github.com/WhisperSystems/TextSecure/commit/b14d9d84
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
More information about the liberationtech
mailing list