In the Telegram API it is stated that Telegram supports Perfect Forward Secrecy in their "secret chats". It is also stated that

official Telegram clients will initiate re-keying once a key has been used to decrypt and encrypt more than 100 messages, or has been in use for more than one week, provided the key has been used to encrypt at least one message.

So my question is, in this case, if a session key gets compromised, is it possible for an attacker to read 100 messages (or possibly more)? If yes, can we still say that perfect forward secrecy is satisfied here?

ayyyda

Up to 100 messages, not more (assuming it rekeys when it's supposed to). PFS just means that if a key gets compromised an attacker can only decrypt the data protected by that key, not other keys' data. – user Jun 02 '20 at 17:50

1 Answer

Well, one of the biggest misconceptions, and I can also see why it is one, would be the very name itself: Perfect Forward Secrecy (PFS). One of the key distinguishing features of PFS is to limit the extent of the damage & breach, and not to achieve perfectness and 0% data loss/leaks.

You are right: if Telegram Secret sessions are limited to 100++ messages, then if a particular session were compromised, so would be the 100++ messages.

Telegram Secret chats have a Self-Destruct function set on read messages as well; this is also to limit the impact of breaches. When the recipient reads the message from the sender, within X amount of time the message will self-destruct. An attacker would be able to access the session but might be looking at an empty session.

mallocation
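A toy model of the rekeying policy quoted in the question, added here as an illustration of the point made in the comment and the answer above (it is not code from Telegram or from either poster). It contains no real cryptography: a "key" is just an epoch number, time is in seconds, and the count rule is modelled as at most 100 messages per key; the functions at the end measure how many messages a single compromised key would expose.

```python
# Added example: simulate a rekey policy (100 messages or one week, only once
# the key has protected at least one message) and measure the blast radius
# of one compromised key. No real crypto; keys are epoch numbers.
from dataclasses import dataclass, field

MAX_MESSAGES = 100        # modelling assumption: at most 100 messages per key
MAX_AGE = 7 * 24 * 3600   # one week, in seconds


@dataclass
class Session:
    epoch: int = 0                              # identifies the current key
    key_created: float = 0.0                    # when the current key was installed
    used: int = 0                               # messages protected by the current key
    log: list = field(default_factory=list)     # (epoch, message) pairs

    def _needs_rekey(self, now):
        if self.used == 0:
            return False    # an unused key is never rotated, per the quoted rule
        return self.used >= MAX_MESSAGES or now - self.key_created > MAX_AGE

    def send(self, msg, now):
        """Encrypt (here: record) msg under the current key, rekeying first if due."""
        if self._needs_rekey(now):
            self.epoch += 1
            self.key_created = now
            self.used = 0
        self.log.append((self.epoch, msg))
        self.used += 1
        return self.epoch


def exposed_by_key(session, compromised_epoch):
    """Messages readable by an attacker who holds only one session key."""
    return [m for e, m in session.log if e == compromised_epoch]


def worst_case_exposure(session):
    """Largest number of messages any single key compromise would reveal."""
    counts = {}
    for e, _ in session.log:
        counts[e] = counts.get(e, 0) + 1
    return max(counts.values(), default=0)
```

Running 250 messages through the session yields three epochs, and no single key ever exposes more than 100 of them; a second key that has been in use for over a week rotates on the next send, while a key that never protected a message does not rotate at all.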