Our main discovery is that the symmetric encryption scheme used in Telegram β known as MTProto β is not IND-CCA secure...
And:
We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack.
So, "best in class?" No, but "sufficient for most of the masses?" Probably.
// , βIt is not so important to be serious as it is to be serious about the important things. The monkey wears an expression of seriousness... but the monkey is serious because he itches."(No/No)
// , βIt is not so important to be serious as it is to be serious about the important things. The monkey wears an expression of seriousness... but the monkey is serious because he itches."(No/No)
But seriously thanks, I've added "On the CCA (in)security of MTProto" to the list of links at the bottom. That list of links wasn't intended as "sources." That article is indeed worthy as a source.
Thanks for the suggestion!
And perhaps I should make it less implicit that what I consider "best in class" in my post here is "best in class" for recommending to people relatively unfamiliar with security stuff; "the masses".
Like, Grandma doesn't want the NSA stealing her secret cookie recipes, and asks for one of them secret chat thingies (they've been naughty!). Or a friend just got a job as a congressional aide/CEO assistant/regulator/software developer and wants to up the InfoSec game. What do?
And hey, Y Combinator isn't that bad, at least for showing "I'm not the only grumpy troll out there who's skeptical of this BS."
perhaps I should make it less implicit that what I consider "best in class" in my post here is "best in class" for recommending to people relatively unfamiliar with security stuff; "the masses".
See, for grandma, Telegram is just fine, because it's "better than WhatsApp". For medium requirements, I use Zendo, for its OTP feature. I also use Signal (for medium rated voice calls).
For things that require true SC, in person, in a secured location.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I read the article, then sat here shaking my head at the links to ycombinator threads as source opinions here.
Have a much better source, eprint.iacr.org/2015/1177.pdf
From the abstract:
And:
So, "best in class?" No, but "sufficient for most of the masses?" Probably.
I still kind of disagree with this:
I don't disagree in comparison to SMS, but I do not think that's a fair enough comparison.
Grandma doesn't need security to share recipes. Her problem is more likely using 2FA, rather than the fact her 2FA uses SMS.
The average Joe is the same. Some, even weak security, is good enough.
C-level employees, probably want better than Telegram. Any state officials using Telegram probably need firing.
It's all relative. Hell, there's an argument for actively using plaintext too, when you WANT the opponent to know what your saying.
Privacy for the sake of privacy just fuels the arms race. I don't care who knows my shopping list. But I don't do company work on public WiFi.
See, that was your first mistake.
But seriously thanks, I've added "On the CCA (in)security of MTProto" to the list of links at the bottom. That list of links wasn't intended as "sources." That article is indeed worthy as a source.
Thanks for the suggestion!
And perhaps I should make it less implicit that what I consider "best in class" in my post here is "best in class" for recommending to people relatively unfamiliar with security stuff; "the masses".
Like, Grandma doesn't want the NSA stealing her secret cookie recipes, and asks for one of them secret chat thingies (they've been naughty!). Or a friend just got a job as a congressional aide/CEO assistant/regulator/software developer and wants to up the InfoSec game. What do?
And hey, Y Combinator isn't that bad, at least for showing "I'm not the only grumpy troll out there who's skeptical of this BS."
See, for grandma, Telegram is just fine, because it's "better than WhatsApp". For medium requirements, I use Zendo, for its OTP feature. I also use Signal (for medium rated voice calls).
For things that require true SC, in person, in a secured location.