Hacker News new | past | comments | ask | show | jobs | submit login

How does this compare with Telegram?

By default, Telegram stores a plaintext copy of every message you've ever sent or received on their servers. WhatsApp does end to end encryption using the Signal Protocol by default, and doesn't store anything server side.

When you say Telegram servers store plaintext "by default", does that imply this is not also true of their "Secret Chat" feature? That mode appears to behave as if it's exchanging keys and doing end-to-end encryption... (I am aware of the Telegram flaws you and others have pointed out).

"Secret Chat" uses Telegram's (flawed) E2E protocol, so the server would only see ciphertext. A "normal" chat is stored in plaintext.

This is also why normal chats work in multi-device environments, but secret chats don't. Unlike iMessage (and I assume Signal - haven't looked at the actual protocol), they don't do anything fancy like making the sender encrypt messages with multiple public keys (one for each device the recipient owns).

If you know something that telegram doesn`t know, maybe you should contact them, and ask your bitcoins worth of 200,000$ https://telegram.org/crypto_contest. Easier to "talk".

Does this mean Whatsapp do peer-to-peer message transfer or messages still pass through whatsapp servers?

Their is no mobile message app that does peer-to-peer as far as I know. Whatsapp, Telegram, Signal, Actor, Threema all go over a server.


Because its very hard to make reliable peer-to-peer apps. Phones are not always reachable easly on the same ip address. They move around, they are sometimes offline, sometimes they have high latency, the network drops most packages, they have limited space and computational power.

To deliver a message they both need to be online at the same time. For group messages you need to be very clever to get it working when only part of the people are online. The key destribution is also extreamly difficulte.

So lots of problem for very little gain.

What would be smart is to have a federated architecture so people can host their own servers and that would solve PART of the same problems, pure peer-to-peer would solve. Actor is devloping in this direction, and they want to get it working with Signal protocol, Signal itself would probebly do it as well if they had the manpower.

Because of NATs and (restrictive) firewalls.

Don't forget that Telegram uses custom in house encryption and they say "trust us", it's good. Telegram encryption can't be verified.

As long as the clients are open-source and the encryption is end to end, can't it really be verified?

Whatever the server, if the client encryption is reliable, data can't be read on the server side.

  if the client encryption is reliable
It's not[1].

[1]: https://eprint.iacr.org/2015/1177.pdf

It is not, or was not? Did this issue get rectified by Telegram?

No, they still use MTProto and not an AEAD construction.

I was referring to the padding attack. Did they patch this?

And are there any property of MTProto that makes it infeasible to replace AES IGE in a later revision of the protocol?

The problem isn't IGE. It's that they're using SHA1 (not HMAC-SHA1) in a "MAC and Encrypt" construction.

Its still their own crypto. Even if you have the code, their could be a mathematical weakness that is unknwon to anybody outside the company. The protocol has not been studied a lot.

Has anyone offer to fund an audit of the code/crypto/workflow? If not, it'd be nice Moxie would spec out a public request for funds via some sort of crowdfunding and means to post public offers to audit the code based on the funds raised.

Moxie has asked them multible times but they dont seem to care.

Oh, interesting, not a huge suprise, though guess I wasn't clear, I was talking about auditing the open source stuff, not Facebook.

Basically, crowdfunded audits of open source crypto tech have been done before; I'd be up for helping with this if it made sense, since currently my sec dev skill are not that useful:



Might be worth funding a exploitable bug bounty too.

The custom in house encryption is a protocol that if tou have the skill to break, go collect 200,000$ in bitcoins https://telegram.org/crypto_contest

> Telegram backer, Pavel Durov, will give $200,000 in BTC to the first person to break Telegram' encrypted protocol. Starting today, each day Paul (+79112317383) will be sending a message containing a secret email address to Nick (+79218944725). In order to prove that Telegram crypto was indeed deciphered and claim your prize, send an email to the secret email address from Paul’s message.

That is a fairly ridiculous challenge. Your average crypto professional is not going to have access to the communications channels between the two phones. The NSA or CIA or other government group might, but not really anyone else. Putting this up as a challenge is just silly.

Cool. So FB/WhatsApp can't even decrypt messages themselves?

If they actually do what they say the do, then yes. Thier is no evidence that they are lying, so for now its probebly save to assume that they can not read your messages.

No, it is not safe to assume that. Edward Snowden already proved that we cannot trust large US corporations.

Thats what I said. You have to trust them. As far as we know they can not read it. Its fully possible that its not true but its far more likely that it is true.

If the work together with the NSA then its more likly that they deploy bad updates to individuels rather then deploying a backdoor to everybody. That is to easy to detect and it would be a marketing desaster.

No, you said it is safe to assume they can't read your messages, which is the exact opposite to what Snowden said. What you personally think is true, likely etc is irrelevant. Facebook could be compelled to release private keys/data to the US government and not tell anyone and you'd be none the wiser.

He never said that ;)

Yes, he did, elsewhere on this thread.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact