If cryptographers spent time doing in depth analysis of every crank encryption app out there, they'd never have time to get anything done. It's valid to dissmiss them for the same reason physics professors don't give in-depth refutals for perpetual motion machines.
-
-
Replying to @zofrex @aleattorium
Ok, so this is the stuff I'm talking about. There are a small handful of popular chat apps in the world, and Telegram's encryption is not analogous to a perpetual motion machine. It's more like a nuclear reactor that works but some experts worry doesn't follow best practices.
1 reply 0 retweets 2 likes -
Yes, it would be really bad if people messed it up, but calling it a "crank encryption algorithm" is simply wrong and devalues the argument people are making. Do experts think that https://core.telegram.org/techfaq#q-i-39m-a-security-expert-and-i-think-your-protocol-is-not-secur … this contest is a fraud? $300k is pretty good...
2 replies 0 retweets 1 like -
Replying to @wycats @aleattorium
I haven't seen the 2nd round before, but yes, experts *absolutely* believed the contest was a fraud. It's a setup that sounds good to non cryptographers but is meaningless in actuality.
2 replies 0 retweets 0 likes -
By the very same argument, the author of the MTProto is a mathematician with no work in cryptography software before his own protocol. Which is the first part raising eyebrows. Second part: it is not open source, no guarantees of backdoors can be given.
1 reply 0 retweets 1 like -
Replying to @aleattorium @zofrex
I just don't find this rhetoric very helpful. It would be one thing if you could give me a bunch of links of careful analyses describing vulns and even a handful of POCs and then said "trust the experts". But the total amount of material people link to is tiny.
1 reply 0 retweets 0 likes -
For example, "Telegram is not IND-CCA" is a paper people link to a lot. But Telegram updated the protocol (https://core.telegram.org/techfaq#what-about-ind-cca …) and if the critique is still valid it needs to be refreshed.
2 replies 0 retweets 0 likes -
looks like you are looking at hacker news?
2 replies 0 retweets 0 likes -
I do have answers for you, but these threads make it more confusing, mind if I write a full post in response? There seems to be confusion between 'end-to-end encryption' and 'it's safe'.
2 replies 1 retweet 0 likes -
Replying to @aleattorium @zofrex
That would be delightful, and I'll gladly stfu until you've done so :0
1 reply 0 retweets 0 likes
I meant :D there. Immutable messages ftw.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.