I want to know whether people have specifically responded to the technical details they have given. For example, they talk about why certain algorithms are secure in the context in which they are used. They might be wrong, but it's nuanced.
For example, "Telegram is not IND-CCA" is a paper people link to a lot. But Telegram updated the protocol (https://core.telegram.org/techfaq#what-about-ind-cca …) and if the critique is still valid it needs to be refreshed.
-
-
This is the kind of rhetoric I'm finding unhelpful. 1. "not showing your work" is at minimum deeply misleading. The protocol is well-enough documented that you can build third party clients. 2. "you don't make your own crypto" is also not saying anything.pic.twitter.com/0s2dewfF1J
-
I'm not saying the criticism is wrong. I'm saying that when people say "trust the experts on climate change" there's a million papers you can point to with detailed analysis. That's not true here, just repetition of the same rhetoric over and over.
-
Now I'm repeating myself :) I want to be clear: I have no idea if there's a problem here. I'm just asking for more information beyond the basic argument I've seen repeated over and over again.
End of conversation
New conversation -
-
-
looks like you are looking at hacker news?
-
No I'm not :) I looked at the StackExchange post you linked to. :)
-
1. The author of the said POC was this Brazilian: https://www.linkedin.com/in/aramos/ - I don't have it here with me, because it was using live, using tools for network packages + SMS attack 2. There are papers indeed, one of the thesis we are looking for is: http://cs.au.dk/~jakjak/master-thesis.pdf …
-
It looks like MTProto 2 was created in response to analyses during the 2015 era, so I wonder whether that analysis still holds (the paper about IND-CCA is obsoleted it seems)
-
Probably that paper is obsolete, then again, we do not have the source code.
-
We have a newly documented protocol so we can see whether the analyses apply to it. At minimum it seems they attempted to respond to public critiques through updates that they documented. Should be worth some good faith assumption.
-
that is true, but assuming good faith is a 'no-no' in the security world, I don't think it will change soon given the market
-
I really mean "don't bozo bit them as so self evidently bonkers that you don't even need to bother analyzing it"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.