[liberationtech] About Telegram
Tony Arcieri
bascule at gmail.com
Wed Apr 2 19:05:07 PDT 2014
On Wed, Apr 2, 2014 at 6:34 PM, Steve Weis <steveweis at gmail.com> wrote:
> Regardless, I think if someone had noticed the flaw sooner, they could
> have recovered the 48-bits of LCG state and won the contest.
>
The insidious thing the Telegram developers continue to do is point to the
fact nobody one their contest as evidence the software is secure while
downplaying the fact that multiple security vulnerabilities were found and
they paid out $100,000.
The contest is silly and irrelevant, but it is successful marketing. The
New York Times reported on March 19th, 2014:
http://bits.blogs.nytimes.com/2014/03/19/can-you-trust-secure-messaging-apps/
"In the first contest, which ended March 1, no one managed to crack the
encryption."
This despite the fact that serious vulnerabilities were discovered in 2013.
Telegram is utilizing the "contests" as talking points for successful
marketing, while managing to keep the serious flaws in the design and the
security vulnerabilities that have been discovered out of the public eye.
As a security practitioner I consider this sort of behavior disgraceful and
unbecoming of the developers of cryptography software.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140402/c970a353/attachment.html>
More information about the liberationtech
mailing list