✳️ SECURITY | CRYPTOGRAPHY ✳️
Computer Science Master's thesis
Aarhus University Denmark 🇩🇰
_________________
🔧 A practical cryptanalysis of the Telegram messaging protocol
_________________
👥 Author: Jakob Bjerre Jakobsen
👥 Supervisor: Claudio Orlandi
_________________
Full document: http://cs.au.dk/~jakjak/master-thesis.pdf
#security #cryptography #cryptanalysis #MTProto
Computer Science Master's thesis
Aarhus University Denmark 🇩🇰
_________________
🔧 A practical cryptanalysis of the Telegram messaging protocol
_________________
👥 Author: Jakob Bjerre Jakobsen
👥 Supervisor: Claudio Orlandi
_________________
Full document: http://cs.au.dk/~jakjak/master-thesis.pdf
#security #cryptography #cryptanalysis #MTProto
✳️ SECURITY | CRYPTOGRAPHY ✳️
‼️ CONCLUSIONS ‼️
▶️ In this work we have shown that Telegram, with its use of aging primitives, does not manage to provide data integrity of ciphertexts nor authenticated encryption, and is vulnerable to chosen-ciphertext attacks.
▶️ The attempt to mitigate known attacks has introduced new vulnerabilities, and we suggest that the Telegram team updates its protocol to use strong, modern primitives.
▶️ For message authentication codes it should use a good HMAC, use a proper key derivation function, and up date the key exchange to use elliptic curve Diffie-Hellman based on Curve25519. Telegram has a great emphasis on computational performance of its protocol, which is why CTR with its parallelization seems to be the logical choice of encryption mode. We suggest using CTR instead of IGE mode, as IGE offers no benefits over CTR.
▶️Overall, we can conclude yet again that homegrown cryptography is a bad approach.
#security #cryptography #cryptanalysis #MTProto
‼️ CONCLUSIONS ‼️
▶️ In this work we have shown that Telegram, with its use of aging primitives, does not manage to provide data integrity of ciphertexts nor authenticated encryption, and is vulnerable to chosen-ciphertext attacks.
▶️ The attempt to mitigate known attacks has introduced new vulnerabilities, and we suggest that the Telegram team updates its protocol to use strong, modern primitives.
▶️ For message authentication codes it should use a good HMAC, use a proper key derivation function, and up date the key exchange to use elliptic curve Diffie-Hellman based on Curve25519. Telegram has a great emphasis on computational performance of its protocol, which is why CTR with its parallelization seems to be the logical choice of encryption mode. We suggest using CTR instead of IGE mode, as IGE offers no benefits over CTR.
▶️Overall, we can conclude yet again that homegrown cryptography is a bad approach.
#security #cryptography #cryptanalysis #MTProto
✳️ SECURITY | CRYPTOGRAPHY ✳️
📕 ABSTRACT 📕
▶️Telegram is a popular messaging app which supports end-to-end encrypted communication. In Spring 2015 we performed an audit of Telegram's source code. This short paper summarizes our findings.
▶️ Our main discovery is that the symmetric encryption scheme used in Telegram -- known as MTProto -- is not IND-CCA secure, since it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message.
▶️ We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.
▶️ The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
#security #cryptography #cryptanalysis #MTProto
📕 ABSTRACT 📕
▶️Telegram is a popular messaging app which supports end-to-end encrypted communication. In Spring 2015 we performed an audit of Telegram's source code. This short paper summarizes our findings.
▶️ Our main discovery is that the symmetric encryption scheme used in Telegram -- known as MTProto -- is not IND-CCA secure, since it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message.
▶️ We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.
▶️ The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
#security #cryptography #cryptanalysis #MTProto
Forwarded from Telegram Geeks
❎ TELEGRAM | APPLE BLOCKING ❎
Apple forces Telegram to block @vkmusic_bot
http://telegramgeeks.com/2015/12/apple-forces-telegram-to-block-a-music-bot/
#apple #censorship #iOS
Apple forces Telegram to block @vkmusic_bot
http://telegramgeeks.com/2015/12/apple-forces-telegram-to-block-a-music-bot/
#apple #censorship #iOS
Telegram Geeks
Apple forces Telegram to block a music bot
VK Music Bot was blocked due to Apple requirements and copyright owners.
Forwarded from Telegram Geeks
Forwarded from Telegram Geeks
💥 BREAKING! | WHATSAPP BLOCKING IN BRAZIL💥
http://telegramgeeks.com/2015/12/justice-determines-whatsapp-lock-in-brazil-for-48-hours/
#brazil #blocking #whatsapp #48H
http://telegramgeeks.com/2015/12/justice-determines-whatsapp-lock-in-brazil-for-48-hours/
#brazil #blocking #whatsapp #48H
Telegram Geeks
Justice determines WhatsApp lock in Brazil for 48 hours
Telcos, through MSinditelebrasil, claim that fulfill the court order that takes effect from 0h of Thursday 17th. The measure was imposed by the 1st Criminal Court of São Bernardo do Campo through a precautionary…
Forwarded from Telegram Geeks
🤘The Official Telegram twitter account informs that 'more than 1.000.000 new users joining Telegram from Brazil today and growing. If you've just joined, check this out: https://t.co/x1haKyjvzQ '
Telegram
Telegram FAQ
This FAQ provides answers to basic questions about Telegram. Check out our Advanced FAQ for more technical information.…
Forwarded from Telegram Geeks
🚨 Two guys rescued thanks to Telegram 🚨
Even better news :)
http://telegramgeeks.com/2015/12/two-guys-rescued-thanks-to-telegram/
Even better news :)
http://telegramgeeks.com/2015/12/two-guys-rescued-thanks-to-telegram/
Telegram Geeks
Two guys rescued thanks to Telegram
The rescue team dispatched to the area using a mobile navigation software: Telegram.
✳️ ANDROID |TIPS ✳️
📱 Recurring Notifications on Android 📱
❗️ Problem: When you have unread personal messages, Android notifications will repeat every hour until you open the message.
✅ Solution: Go to
#tips #android
📱 Recurring Notifications on Android 📱
❗️ Problem: When you have unread personal messages, Android notifications will repeat every hour until you open the message.
✅ Solution: Go to
Settings -> Notifications and Sounds -> Repeat Notifications and select a repeat period or turn repeated notifications off altogether. #tips #android
Forwarded from Telegram Geeks
✳️ INSTANT MESSAGING | BRAZIL ✳️
WhatsApp finally shuts down in Brazil for 12h and 5.7M users move to Telegram
Although the suspension has finally lasted for 12 hours (and not 48h), it's been awesome for Telegram: 5.7 Million users joined Telegram just in one day!
http://telegramgeeks.com/2015/12/whatsapps-shutdown-in-brazil-telegram-record-new-users/
#brazil #whatsapp #record
WhatsApp finally shuts down in Brazil for 12h and 5.7M users move to Telegram
Although the suspension has finally lasted for 12 hours (and not 48h), it's been awesome for Telegram: 5.7 Million users joined Telegram just in one day!
http://telegramgeeks.com/2015/12/whatsapps-shutdown-in-brazil-telegram-record-new-users/
#brazil #whatsapp #record
Telegram Geeks
WhatsApp finally shuts down in Brazil for 12h and 5.7M users move to Telegram
Although the suspension has finally lasted for 12 hours (and not 48h), it's been awesome for Telegram: 5.7 Million users joined Telegram just in one day!
✳️ POLITICS | SPAIN ✳️
📱 Telegram Penetration 📱
👥 One of our followers sent us this information:
In Spain, podemos (political party) is using Telegram instead of WhatsApp.
http://www.estrelladigital.es/articulo/espanha/podemos-usan-telegram-y-no-whatsapp/20150605171822241951.html
#spain #politics #podemos
📱 Telegram Penetration 📱
👥 One of our followers sent us this information:
In Spain, podemos (political party) is using Telegram instead of WhatsApp.
http://www.estrelladigital.es/articulo/espanha/podemos-usan-telegram-y-no-whatsapp/20150605171822241951.html
#spain #politics #podemos
✳️ POLITICS | SPAIN ✳️
📱 Telegram Penetration 📱
👥 From another follower:
They have their own Telegram client: PodemosGram
https://play.google.com/store/apps/details?id=org.telegram.messenger.podemosgram
#spain #politics #podemos
📱 Telegram Penetration 📱
👥 From another follower:
They have their own Telegram client: PodemosGram
https://play.google.com/store/apps/details?id=org.telegram.messenger.podemosgram
#spain #politics #podemos
Google Play
PodemosGram - Android Apps on Google Play
Im communication service worldwide to fans of PODEMOS.
✳️ Our two cents about this:
➡️ Telegram never stores cloud chats in plaintext on the servers. They are encrypted.
➡️ Encryption keys are stored in a different facility in a different jurisdiction for each data center.
➡️ BUT if some intruder breach the security of all servers/facilities he will be able to access to your messages.
➡️ So Snowden is right about this: If you want full privacy, you should always use end-to-end encryption (keys are only stored on your device and never on telegram servers).
Fun fact: Long gone are the days when Pavel Durov offered Edward Snowden a job at Vkontakte.
http://money.cnn.com/2013/08/05/technology/social/snowden-vkontakte/
➡️ Telegram never stores cloud chats in plaintext on the servers. They are encrypted.
➡️ Encryption keys are stored in a different facility in a different jurisdiction for each data center.
➡️ BUT if some intruder breach the security of all servers/facilities he will be able to access to your messages.
➡️ So Snowden is right about this: If you want full privacy, you should always use end-to-end encryption (keys are only stored on your device and never on telegram servers).
Fun fact: Long gone are the days when Pavel Durov offered Edward Snowden a job at Vkontakte.
http://money.cnn.com/2013/08/05/technology/social/snowden-vkontakte/
✳️ INTERNET | CENSORSHIP ✳️
Error 451: The new HTTP code for censorship
On Friday, the group responsible for Internet standards, the Internet Engineering Steering Group (IESG), approved a new HTTP code to differentiate between Web pages which cannot be shown for technical reasons and others which are unavailable for non-technical reasons, such as governmental censorship.
http://www.zdnet.com/article/error-451-the-new-http-code-for-censorship/
#internet #http451 #censorship
Error 451: The new HTTP code for censorship
On Friday, the group responsible for Internet standards, the Internet Engineering Steering Group (IESG), approved a new HTTP code to differentiate between Web pages which cannot be shown for technical reasons and others which are unavailable for non-technical reasons, such as governmental censorship.
http://www.zdnet.com/article/error-451-the-new-http-code-for-censorship/
#internet #http451 #censorship
ZDNet
Error 451: The new HTTP code for censorship | ZDNet
If you wish to know how the Internet is restricted by governments, the new 451 protocol will tell you.
✳️ GOOGLE | BOTS ✳️
Google is building a new mobile-messaging with bots
Google is building a new mobile-messaging service that taps its artificial intelligence know-how and so-called chatbot technology to try to catch rivals including Facebook Inc.
For its new service, Google, plans to integrate chatbots, software programs that answer questions inside a messaging app.
Google is pursuing a similar goal with its messaging service, the people familiar with the plan said. Instead of typing a query into Google's search engine, users will type questions as text messages, to which chatbots will respond. Google will likely let outside developers build chatbots to run on the service, one of the people said. Google would steer users to specific chatbots, much as its search engine directs users to relevant websites. The move is strategic, because messaging apps and chatbots threaten Google's role as the Internet's premier discovery engine.
Full article: http://www.wsj.com/articles/google-plans-new-smarter-messaging-app-1450816899
If you can't because you see this: To read the full story subscribe or just copy and paste the URL into google, click on the first link and voila.
#google #bots #messaging
Google is building a new mobile-messaging with bots
Google is building a new mobile-messaging service that taps its artificial intelligence know-how and so-called chatbot technology to try to catch rivals including Facebook Inc.
For its new service, Google, plans to integrate chatbots, software programs that answer questions inside a messaging app.
Google is pursuing a similar goal with its messaging service, the people familiar with the plan said. Instead of typing a query into Google's search engine, users will type questions as text messages, to which chatbots will respond. Google will likely let outside developers build chatbots to run on the service, one of the people said. Google would steer users to specific chatbots, much as its search engine directs users to relevant websites. The move is strategic, because messaging apps and chatbots threaten Google's role as the Internet's premier discovery engine.
Full article: http://www.wsj.com/articles/google-plans-new-smarter-messaging-app-1450816899
If you can't because you see this: To read the full story subscribe or just copy and paste the URL into google, click on the first link and voila.
#google #bots #messaging
WSJ
Google Plans New, Smarter Messaging App
Google is building a new mobile-messaging service that taps its artificial intelligence know-how and so-called chatbot technology to try to catch up with rivals.