[liberationtech] About Telegram
Ximin Luo
infinity0 at pwned.gg
Wed Mar 19 19:04:40 PDT 2014
On 20/03/14 01:54, Maxim Kammerer wrote:
> On Thu, Mar 20, 2014 at 3:21 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
>> The stuff the developer posted in the other fork of this thread is really something. I wish we had a cryptographic equivalent of funroll-loops.info.
>>
>> "This is just the key exchange; not trying to sign or otherwise authenticate here."
>
> What if I told you that the original OTR protocol, that most of these
> “good” chat apps that crypto experts are so happy with are based upon,
> had a completely trivial MITM in key exchange part [1]? Really
> something!
>
> [1] http://dx.doi.org/10.1145/1102199.1102216
>
Welcome to 2014. Telegram has more of these, more severe, more obvious, and from further in the past. OTR also did not claim they were secure because it was written "by a team of PhDs", and a bunch of other disingenuous marketing gimmicks.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
More information about the liberationtech
mailing list