Email or username:

Password:

Forgot your password?
GrapheneOS's posts Post Back to profile
Top-level
Oliver D. Reithmaier

@GrapheneOS any resources or info about these e2ee weaknesses you could link to? I've heard this a couple of times already but couldn't find anything myself...

Edit: read the wiki article. Not too much in the know considering crypto to know how grave this is. Would love comments from people who do.

24 August at 23:07 | Wall-to-wall | Open on infosec.exchange
5 comments
ilias :night_ablobcat_wink:
Oliver D. Reithmaier

@DM_Ronin @GrapheneOS let me preface this by stressing that I use signal, and don't really care for telegram as a messenger. All I'm doing here is being curious.
Regarding the things you linked: Green's link is just a lot of stuff about signal, all he says about TG is that he doesn't know how MTProto works or "thinks" it's insecure in some way.
The second link is just the default problem and says nothing about encryption weaknesses(victim probably didn't use secret chats).
The YT link does an audit/validation of the Mtproto model, discloses some vulnerabilities that they say have been fixed.

Wiki states that the model of MTProto 2.0 was audited by Italian researchers. This doesn't really say anything about weaknesses in the current implementation.

@DM_Ronin @GrapheneOS let me preface this by stressing that I use signal, and don't really care for telegram as a messenger. All I'm doing here is being curious.
Regarding the things you linked: Green's link is just a lot of stuff about signal, all he says about TG is that he doesn't know how MTProto works or "thinks" it's insecure in some way.
The second link is just the default problem and says nothing about encryption weaknesses(victim probably didn't use secret chats).
The YT link does an...

25 August at 0:16 | Open on infosec.exchange
Support GrapheneOS 667
Oliver D. Reithmaier

@SupportGrapheneOS_667 @GrapheneOS same here as in my previous comment. This just states the default problem and is also outdated since MTProto 2.0, Kuketz references problems of 1.0, which were real. While I don't like bad defaults, this ultimately is a design choice. The malicious part is calling it private by default. But: That's just bad faith marketing. Microsoft also says their shit is secure. Nothing different.

Anybody got something _recent_ about MTProto 2.0?

25 August at 0:19 | Open on infosec.exchange
Orca🌻 | 🏴🏳️‍⚧️
Go Up