Audit Telegram encryption indicates lack of security




An audit of the public source code Telegram shows that written by the company itself encryption protocol exhibits MTProto defects. The protocol would be less secure than existing encryption methods whose safety has been proven.

Telegram The audit of the source code for the popular chat app is carried out in February 2015 and the results are now published. The researchers from the Danish University of Aarhus come to the conclusion that it is written by Telegram itself encryption protocol called MTProto not meet the requirements of IND-CCA. This means indistinguishability under chosen-ciphertext attack and hold in this case that an attacker can convert an encrypted message in a different encrypted message.

When this last message is decrypted is again the same original text appear. The advantage here is that the attacker can obtain information about the way of encrypting. This attack can be countered by using authenticated encryption. This allows incorrect ciphertext to be identified, so that a chosen-ciphertext attack is not possible anymore.

The researchers let them know that this is a theoretical attack and that according to their is no way to carry out an attack to retrieve the plaintext, or cleartext, of a message. They argue that the findings indeed raise questions about the safety MTProto as alternative encryption protocols exist that can provide better security. It is not the first time that the encryption of MTProto under attack comes to lie. The researchers made their findings in September 2015 offered to Telegram. They recommend not to deliver patch MTProto, but choosing a better solution that is based on a true-implemented form of authenticated encryption.


In: A Technology & Gadgets Asked By: [21995 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »