by jeroenhd
1481 days ago
Like other algorithms, it's a fairly simple mix of existing encryption paradigms. One paper tried to validate Telegram's protocol: https://www.researchgate.net/publication/346702021_Automated...
That seems to have gone well. The mechanisms used seem very similar to the mechanism used in Signal's last audit from 2017. Another paper only verified part of the protocol in a specific way: https://www.computer.org/csdl/proceedings-article/sp/2022/13...
This last paper found flaws that should allow some side channel attacks (though I find it hard to believe that 3 microsecond differences can be measured against the client unless the attacker controls the server) but concludes that the protocol should be secure enough with their proposed fixes, which Telegram seems to have implemented; the problems mainly stem from implementation bugs, something the Signal protocol wasn't necessarily checked for during their extensive audit.

Based on this research I can't say I can find much wrong with mtproto2. It's proprietary in the same way the Signal protocol is proprietary, in that it was originally invented for a specific purpose inside a specific app. Just because nobody has bothered to copy the protocol to their app like WhatsApp did with Signal doesn't mean it's any more or less secure.

In the context of an app that can't encrypt group messaging and doesn't encrypt private messaging by default, I don't think focusing on the potential insecurity of mtproto2 makes sense. Telegram made some dubious, foolish security theatre ("hack our server and win a prize!") but on a protocol level there are no glaring mistakes that necessarily invalidate the protocol itself. The big problem here is that only a fraction of users actually use this seemingly-secure protocol in the first place.