Hacker News new | ask | show | jobs
by janinge 3720 days ago
I was referring to the padding attack. Did they patch this?

And are there any property of MTProto that makes it infeasible to replace AES IGE in a later revision of the protocol?
1 comments
CiPHPerCoder 3719 days ago
The problem isn't IGE. It's that they're using SHA1 (not HMAC-SHA1) in a "MAC and Encrypt" construction.
link