By the very same argument, the author of the MTProto is a mathematician with no work in cryptography software before his own protocol. Which is the first part raising eyebrows. Second part: it is not open source, no guarantees of backdoors can be given.
-
-
Replying to @aleattorium @zofrex
I just don't find this rhetoric very helpful. It would be one thing if you could give me a bunch of links of careful analyses describing vulns and even a handful of POCs and then said "trust the experts". But the total amount of material people link to is tiny.
1 reply 0 retweets 0 likes -
For example, "Telegram is not IND-CCA" is a paper people link to a lot. But Telegram updated the protocol (https://core.telegram.org/techfaq#what-about-ind-cca …) and if the critique is still valid it needs to be refreshed.
2 replies 0 retweets 0 likes -
looks like you are looking at hacker news?
2 replies 0 retweets 0 likes -
Replying to @aleattorium @zofrex
No I'm not :) I looked at the StackExchange post you linked to. :)
1 reply 0 retweets 0 likes -
1. The author of the said POC was this Brazilian: https://www.linkedin.com/in/aramos/ - I don't have it here with me, because it was using live, using tools for network packages + SMS attack 2. There are papers indeed, one of the thesis we are looking for is: http://cs.au.dk/~jakjak/master-thesis.pdf …
1 reply 0 retweets 0 likes -
Replying to @aleattorium @zofrex
It looks like MTProto 2 was created in response to analyses during the 2015 era, so I wonder whether that analysis still holds (the paper about IND-CCA is obsoleted it seems)
1 reply 0 retweets 0 likes -
Probably that paper is obsolete, then again, we do not have the source code.
1 reply 0 retweets 0 likes -
Replying to @aleattorium @zofrex
We have a newly documented protocol so we can see whether the analyses apply to it. At minimum it seems they attempted to respond to public critiques through updates that they documented. Should be worth some good faith assumption.
1 reply 0 retweets 0 likes -
that is true, but assuming good faith is a 'no-no' in the security world, I don't think it will change soon given the market
1 reply 0 retweets 0 likes
I really mean "don't bozo bit them as so self evidently bonkers that you don't even need to bother analyzing it"
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.