"I know it looks like we're being pedantic or even cliquey, but what's really happening is they've spotted a fatal flaw in the crypto." I don't feel anyone is being cliquey and I interpreted the first round of critiques in exactly this way.
-
-
I'm finding your post here problematic in much the same way as I was originally bothered by but there's more signal here (no pun intended).
1 reply 0 retweets 0 likes -
"If a 12 year old comes into your IRC channel with their homegrown encryption algorithm, no-one's going to care when you break it, because no one thought it was sound in the first place." This is not a 12 yo. It's one of the most popular chat programs in the world.
1 reply 0 retweets 0 likes -
And given that 1. people were interested in showing flaws in MTProto1, and 2. they cared enough to attempt to fix them in MTProto2, it seems like there's a reason to check MTProto2 and I bet papers would be accepted at conferences.
3 replies 0 retweets 0 likes -
I think the difference between our mental models comes down to this: You're acting like telegram is a crank 12 year old flying rockets based on flat Earth theory so they can be safely ignored. I think of them (accurately) as one of the top chat programs in the world.
1 reply 0 retweets 0 likes -
Replying to @wycats @aleattorium
Both can be true! 1) deploying crank crypto to millions of people doesn't stop it being crank crypto 2) how many of those millions even use the crypto? it's off by default. Can't be turned on for group messages. Most Telegram chats are going plaintext.
1 reply 0 retweets 0 likes -
So if you want to play the "millions of users" card, well, they're using plaintext, that's the end of the discussion. No crypto conference is going to accept your submission on breaking that! * by plaintext I mean "client-server encryption" which is tbh VERY SLOPPY on my part
2 replies 0 retweets 1 like -
and yes I agree details on MTProto2 would be interesting. I haven't looked to see if that's the case. But note: "interesting to academic conference" isn't really related at all to "demonstration that something is or isn't secure"
1 reply 0 retweets 1 like -
I guess what my argument boils down to is "yes it would be academically interesting for someone to tear apart MTProto2 rigorously, but that's a far higher bar than is needed for crypto people to be correct in warning people away"
1 reply 0 retweets 0 likes -
Replying to @zofrex @aleattorium
My bottom line is that the stated goal of MTProto is UX (perf) and both signal and WhatsApp have worse UX than telegram. I would like security people to consider that maybe telegram did what they did for this reason (their stated reason!) and maybe the status quo has problems.
1 reply 0 retweets 0 likes
I use telegram and signal. I don't use WhatsApp because it's unusable for me. Security analyses that ignore UX considerations result, at the limit, in recommendations that people adopt PGP.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.