[liberationtech] About Telegram

[Ximin Luo]

On 19/03/14 16:14, Maxim Kammerer wrote:
> On Wed, Mar 19, 2014 at 5:25 PM, Tony Arcieri <bascule at gmail.com> wrote:
>> Rather than admitting their mistake, Telegram doubled down on their bad
>> crypto, and began making claims that it's the cryptographic community, not
>> themselves, who don't know what they're talking about. Then they published
>> that silly contest which Moxie made a brilliant mockery of.
> 
> They also “declined [Moxie's] suggestions for collaboration of any
> kind”, and then some guy who actually got his hands dirty instead of
> writing brilliant mockeries won $100k from Telegram. I can only
> imagine the butthurt in the “crypto community” — I laugh every time
> when rereading this story.
> 

It sounds like you are the one butthurt actually.

You haven't demonstrated any good grasp of security concepts, yet you cling onto the belief that Telegram is worth your time. Is it just because it looks shiny, they say nice words and sound reasonable, and haven't challenged your opinions?

You think it's "snobbishness" to dismiss stubborn people who over-advertise their abilities far beyond reality, who invite comment and review only so that the real experts do their work and due diligence for them for free?

The stuff the developer posted in the other fork of this thread is really something. I wish we had a cryptographic equivalent of funroll-loops.info.

"This is just the key exchange; not trying to sign or otherwise authenticate here."

"We were indeed originally using AES and HMAC for the key exchange"

"I'm not sure about the authentication needed here -- can you clarify?"

I would have assumed that it was a really sophisticated troll, if it were not for the fact they have an entire github repository dedicated to promoting this.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git