[sz4kerto]

So you trust a person's word (believing that telling the truth is in his interest) more than an open client? I'd really like Telegram to implement something that _is_ considered secure by many experts, but trusting _one_ experts word without any proof seems wrong to me.

> Someone actually cracking WhatsApp would be a serious issue for OpenWhisperSystems.

Why can't you imagine that e.g. Moxie has been blackmailed/etc. by some government authority? Again, I have no problem with Moxie's person in particular, I'm sure he would also agree that a single persons claims should not be trusted automatically.

[embik]

> I'd really like Telegram to implement something that _is_ considered secure by many experts, but trusting _one_ experts word without any proof seems wrong to me.

Please read the link I provided before[0], it features links to a bunch of people saying Telegram is not secure[1][2][3][4]. It's not just Moxie. I actually have not seen any expert saying that Telegram is secure, but I'm interested in such thing. As the Telegram protocol is open, everybody is able to see how flawed it is. We know that. With a closed client that allegedly implements a secure encryption method (we also know it's good because it's open as well) there's a chance it doesn't work the way it's supposed to work, but there's also the chance it's working as intended. I'd rather take one percent chance over zero.

[0] https://security.stackexchange.com/questions/49782/is-telegr...

[1] https://eprint.iacr.org/2015/1177.pdf

[2] https://unhandledexpression.com/2013/12/17/telegram-stand-ba...

[3] http://www.alexrad.me/discourse/a-264-attack-on-telegram-and...

[4] http://thoughtcrime.org/blog/telegram-crypto-challenge/

[reitanqild]

> Please read the link I provided before[0], it features links to a bunch of people saying Telegram is not secure[1][2][3][4]. It's not just Moxie. I actually have not seen any expert saying that Telegram is secure, but I'm interested in such thing.

I don't like Telegram claiming that it us unbreakable in the early days.

That said: I don't care for the things I use Telegram for. Most people seem to post their thoughts to Facebook or Twitter anyway, compared to that Telegram is a better option in my case.

For serious stuff we use seriohs crypto anyway, don't we?

[lucb1e]

Re [3]: I was not aware of that one. If it costs upwards of $300k it's beyond what I'd consider a personal risk, but it's very much something they should be looking to fix!

[sz4kerto]

Hey, sorry, you may have misunderstood me -- I'm not saying that it's only Moxie who's considering Telegram insecure. I meant that Telegram is considered insecure by many experts; but when it comes to the security of Whatsapp we can only rely on the claims of Moxie and Facebook, without the chance for open review.

> With a closed client that allegedly implements a secure encryption method (we also know it's good because it's open as well) there's a chance it doesn't work the way it's supposed to work, but there's also the chance it's working as intended.

However, from the other side: Telegram is not _trivially_ breakable (there's a 2^64 attack, which is not 'trivial'), but Whatsapp might very well be simply MITM-ed by Facebook. So you could also look at this from a different perspective and say "A powerful adversary could probably break Telegram messages, but maybe all Whatsapp messages are immediately decodeable by Facebook".

Also note: you have provided 5 links, but [0] simply refers to [1] and [2], [1] says that "We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack", [2] claims that there could be attacks (but does not provide one), [3] is a real attack, [4] is not about an attack.

So while I see that there are valid concerns re. Telegram's security, the links you have provided are a nice example of the Internet echo chamber.

[embik]

Uhm, yes, you're absolutely right, I have missunderstood you and I absolutely agree with what you're saying. An open client with a secure encryption is always preferred, but I doubt we will see Telegram become that one because they have been ignorant to people pointing out flaws before.

> but Whatsapp might very well be simply MITM-ed by Facebook

As long as you're not inspecting the binaries you use for Telegram (or build the applications by yourself) however, you can't guarantee it's not MITM-ed by someone either. Maybe you do, but most users certainly do not. When downloading the Telegram app from Google Play, there is not much difference to the WhatsApp app. You're basically trusting small groups that they provide the "real" binary to you. Not much of a difference to trusting Moxie's words, is it?

Link 0 was to remind you of the link I posted before and the other links might not provide specific (or effective) attacks, but they point out flaws in Telegram's protocol (1,2,3) and the way they test / value the strength of their encryption (4). More flaws are very much plausible for a homebrew crypto solution.