7

This was already asked here, but I have questions about the answer. https://security.stackexchange.com/a/49802/118071

I'm not sure if that answer applies to the full E2E mode. Another answer states:

Diffie-Hellman End-to-end encryption is known to be practically unbreakable when used properly even if one does not trust the server passing on the messages.

Therefore, Telegram's secret chats are unbreakable assuming they were used properly and assuming there isn't a serious flaw with the Telegram client software or the crypto. However, as stated earlier, the crypto needs more peer review.

So which is it? Does Telegram use homebrew encryption for everything, or does the E2E "Secret Chat" make use of D-H (for the key exchange at least)? Does anyone know if the app has been updated to use name-brand encryption or if it's in the works?

jrtapsell
Jesse Adam

2 Answers

10

2017-11-01 update: MIT Security analysis of Telegram finds it to be insecure.

Quote from the following paper: “our survey shows that Telegram has had serious and simple issues in the protocol (e.g. modified buggy Diffie-Hellman key exchange) that any knowledgeable security expert could penetrate.”

https://courses.csail.mit.edu/6.857/2017/project/19.pdf

They also end their paper with a well-worded statement about the Telegram:

“Finally, our conclusion is that Telegram, just like any other application has vulnerabilities. Users have to be aware of this fact, but unfortunately the claims by companies make non-tech-savvy users to believe that their messages are unreadable by third parties.”

Previous update with interesting input: Snowden doubts security of Telegram: https://www.rt.com/news/326565-snowden-durov-security-telegram/ Snowden has a great point here. Why should the server ever have access to the message in cleartext, stored or not?

Lots of questions here:

Secure in transit? Nothing is perfect, but the use of a non-standard implementation increases the risk of human error and probably increases the attack surface. Note: the use of the Diffie-Hellman protocol does not mean the implementation of data in transit is secure at all. I could use DH for supposed key generation, then promptly ignore the results and use Rot-13 or some other broken encryption scheme for data in transit.

You need to evaluate the system as a whole to determine the strength of the combined controls. Just looking at one part and saying that, since that's secure, the whole thing is secure is a flawed statement at best.

Secure from anyone who has access to the phone or the mobile device's operating system? No, the types of security controls needed are not present on modern mobile operating systems.

Does Telegram use DH or homebrew? It's not either/or; the answer is both.

It appears they are still using, and defending, their home-grown implementation. Note: I'm not saying this is a bad thing; progress is made by change, but it's notable that there is no third-party validation of their process on their website. To me this is a ripe situation for the statements on a website to be "technically true" but not painting the whole picture. They claim that messages are safe from "hacker attacks", and in one sense that may be true, but is that the only scenario you are concerned about? Do they answer the question related to the threats you are concerned about? If not, why not? Is this safe for people living in countries with repressive governments that do heavy monitoring of communications? That's a different question entirely, and one which they don't address.

https://core.telegram.org/techfaq

Personally I'd be curious about their key handling and its implementation more than anything. Other questions I'd investigate are: Could they share keys with service providers and governments without the end users' knowledge? (I know they say they don't, but could they?) How do they comply with warrants? Have they ever publicly complied with a warrant for such information? Do employee monitoring systems offer support to decrypt Telegram communications yet?

Ultimately security is somewhat relative and I think for most people their solution probably works well.

Telegram Secret chats (end-to-end encryption)

Trey Blalock
  • I'm more concerned about hackers intercepting infrastructure info exchanged among coworkers than a government – Jesse Adam Jul 20 '16 at 23:19
  • Attackers tend to go for cost-effective, and time-effective, targets. They'd probably target client or endpoint systems and the users themselves first. That said, someone who is brilliant at crypto may already be working on breaking this implementation. – Trey Blalock Jul 20 '16 at 23:34
  • Concerning your edit and for the people who did not read the paper: I want to note that this paper focuses on an availability exploit, and one could see this as more of a privacy than a security issue. The authors build an algorithm to derive the likelihood of two people talking to each other, which seems to be somewhat accurate. The paper does not elaborate on an exploit or attack to gain access to clear-text messages or keys. – Tom K. Nov 02 '17 at 10:04
  • I would also add that "MIT Security analysis" makes it sound like researchers at MIT published a peer-reviewed paper on vulnerabilities in Telegram. The paper linked is not this, it is a final project written by MIT students in a Senior year/1st year graduate course. – Jonathan Rayner Jan 08 '21 at 22:20
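The answer's point that a Diffie-Hellman exchange says nothing about what the transport then does with the key, as an added illustration that is not part of the answer or of Telegram's protocol: both parties agree on a key, then the same key feeds one transport that really uses it and one that ignores it and sends ROT13. The DH group, the HMAC-based stream cipher and the sample message are all constructed toy values.

```python
import codecs
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only (real systems use large safe-prime groups, e.g. RFC 3526).
P, G = 2**127 - 1, 3

def dh_keypair():
    """One party's (private exponent, public value)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_shared_key(my_private, their_public):
    """Agree on g^xy mod p, then an HKDF-style extract step yields a 32-byte key."""
    s = pow(their_public, my_private, P)
    return hmac.new(b"toy-dh-salt", s.to_bytes(16, "big"), hashlib.sha256).digest()

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a toy PRF-based stream cipher."""
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def seal(key, msg):
    """Transport that actually uses the agreed key (encrypt-then-MAC; toy, not production)."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, wire):
    """Verify the tag before decrypting; reject anything tampered with."""
    nonce, ct, tag = wire[:12], wire[12:-32], wire[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def rot13_transport(_unused_key, msg):
    """Ran DH but ignores the key: ROT13 is its own inverse, so an eavesdropper applies it too."""
    return codecs.encode(msg.decode(errors="replace"), "rot_13").encode()

def demo(msg=b"server IP is 10.0.0.5"):
    """Both parties run DH; the same key feeds both transports; a passive observer applies ROT13."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_a, k_b = dh_shared_key(a_priv, b_pub), dh_shared_key(b_priv, a_pub)
    weak_wire, strong_wire = rot13_transport(k_a, msg), seal(k_a, msg)
    return {"keys_match": k_a == k_b,
            "rot13_leaks": rot13_transport(None, weak_wire) == msg,
            "sealed_leaks": rot13_transport(None, strong_wire) == msg,
            "sealed_roundtrip": open_sealed(k_b, strong_wire) == msg}
```

The result dictionary shows the whole-system view the answer asks for: the key exchange succeeds in both cases, yet only the transport that consumes the key keeps the message from a passive observer.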
0

Telegram released its Reproducible Builds for iOS and Android documentation.

According to its blog:

As of this update, Telegram becomes the first messaging app to allow you to independently verify that the code on GitHub is the exact same code that was used to build the app you downloaded from App Store or Google Play.

It is not an easy thing to cheat on users if you publish such info, I would say.