[liberationtech] About Telegram

Natanael natanael.l at gmail.com
Wed Mar 19 03:44:43 PDT 2014 

Here is what Moxie Marlinspike has to say, and it isn’t pretty;

http://www.thoughtcrime.org/blog/telegram-crypto-challenge/

It isn't considered secure by the cryptography experts. It doesn't follow
modern cryptographic design principles.

I would recommend using ChatSecure (based on XMPP and OTR, developed by
Guardian Project), and TextSecure (custom protocol derived from OTR,
developed by Moxie). Both are open source.

- Sent from my phone
Den 19 mar 2014 11:36 skrev "sam de silva" <sam at media.com.au>:

> Hi there,
>
> So it's almost a month since this thread died.
>
> To me, it looks pretty good and while I am not a mathematician, Telegram
> looks like a good solution to help improve digital security.
>
> But this list has the experts. What's the recommendation? Was there any
> consensus about Telegram.
>
> Thanks and best, Sam.
>
>
>
> On 22/02/2014, at 1:05 AM, Tony Arcieri <bascule at gmail.com> wrote:
>
> On Friday, February 21, 2014, Maxim Kammerer <mk at dee.su> wrote:
>
>> All I see is snobbishness of people who have typical Western fear of
>> steering from “authorized” engineering approaches. The people are
>> quick to judge some unknown foreign developers incompetent
>
>
> As far as I can tell, you are the only person speaking on this thread who
> wants to spin it into a discussion of Westerners, xenophobia, etc.
>
> I'm talking about math.
>
> Telegram is not IND-CCA2 secure. Period. They have some extra sprinkles
> they claim prevents adaptive chosen ciphertext attacks. They have no formal
> proof of these claims.
>
> Authenticated encryption schemes are IND-CCA2 secure by design.
>
> Telegram's scheme is inferior. It's mathematically inferior. Period. It
> has nothing to do with nationalism. It has everything to do with math.
>
> Telegram is an inferior design as compared to the standard designs being
> used in common practice.
>
>
> --
> Tony Arcieri
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140319/24b3ec68/attachment.html>

More information about the liberationtech mailing list