
Another guy is butthurt about Telegram. As I read somewhere, the Telegram guys said that after 1 March 2014 they will somehow allow performing a MITM in that crypto challenge.


If they allow man-in-the-middle attacks, then the system is completely and demonstrably broken. The out-of-band public key verification uses deterministic images to confirm that the keys are the same, which can be easily forged given the relatively bad comparison engines in use (humans describing what a pixelated 16px image looks like). At no point is the real key shown to the user, so it's impossible to verify that they're identical through a description.

http://telegram.org/img/key_image.jpg

I wager that if they did allow a tampering eavesdropper in their bounty contest, it would be in the same conversation that has already done a key exchange and verification, making it yet more snake oil. You can hardly call something secure when you don't allow real-world MITM attacks in testing.


How is the key image impossible to describe?

There are only 4 possible colors per cell. You just describe it like 0,1,2,3,2,0, etc., just as if you were reading off the real key.


From just asking around, most people described the key image to me in terms of the darkest portions and ignored the parts that were lighter. It's easier, for the example image, to say that there's a dark L and a lighter X shape in the center and then assume that the rest is the same. At least, that's what people did when I presented it to them as a challenge.


> There's also not that many possible images anyway, there's 8 rows with 8 columns, and 4 possible colours for each pixel. Even not assuming any fuzzy matching (human comparison) it's still very possible to generate keys with colliding image hashes.

Uh, 4^(8*8)=2^128 is a pretty large number.


So it is, I've removed that. I need to sleep more.
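The sub-thread above compares two ways of checking a key image: reading off all 64 cells (4 shades each, 4^64 = 2^128 possibilities) versus describing only the darkest cells. The block below is an added example, not code from the thread or from Telegram, and the byte-to-cell mapping it uses (2 bits per cell, row-major) is a hypothetical model; Telegram's real rendering is not given on the page. It shows that the exact description is lossless, while a dark-cells-only description lets an attacker substitute a different fingerprint that produces an identical description.

```python
"""
Hypothetical model of a 128-bit 'key image' fingerprint: an 8x8 grid with
4 shades per cell (2 bits per cell), as the thread describes. The mapping
from bytes to cells is an assumption for illustration, not Telegram's code.
"""
import math

GRID = 8
SHADES = 4            # 2 bits per cell
DARKEST = SHADES - 1  # shade value treated as "dark" by a lazy comparer


def key_image_cells(fingerprint):
    """Split 16 bytes into 64 cells of 2 bits each, row-major, MSB first."""
    if len(fingerprint) != GRID * GRID * 2 // 8:
        raise ValueError("expected 16 bytes (128 bits) of fingerprint")
    cells = []
    for byte in fingerprint:
        for shift in (6, 4, 2, 0):
            cells.append((byte >> shift) & 3)
    return cells


def cells_to_fingerprint(cells):
    """Inverse of key_image_cells: pack 64 two-bit cells back into 16 bytes."""
    out = bytearray()
    for i in range(0, len(cells), 4):
        b = 0
        for c in cells[i:i + 4]:
            b = (b << 2) | c
        out.append(b)
    return bytes(out)


def describe_exact(cells):
    """Read every cell's shade aloud ('0,1,2,3,...'): lossless, 128 bits."""
    return ",".join(str(c) for c in cells)


def describe_dark_only(cells):
    """Mention only where the darkest cells are: at most 1 bit per cell."""
    rows = []
    for r in range(GRID):
        row = cells[r * GRID:(r + 1) * GRID]
        rows.append("".join("#" if c == DARKEST else "." for c in row))
    return "\n".join(rows)


def dark_only_collision_count(cells):
    """Number of distinct fingerprints sharing this dark-only description:
    every non-darkest cell may take any of the SHADES-1 lighter values."""
    light = sum(1 for c in cells if c != DARKEST)
    return (SHADES - 1) ** light


def forge_same_dark_image(fingerprint):
    """Return a different fingerprint whose dark-only description is identical:
    change the first non-darkest cell to another non-darkest shade."""
    cells = key_image_cells(fingerprint)
    for i, c in enumerate(cells):
        if c != DARKEST:
            cells[i] = (c + 1) % DARKEST  # stays within the lighter shades
            return cells_to_fingerprint(cells)
    raise ValueError("every cell is darkest; cannot forge without changing the mask")


if __name__ == "__main__":
    fp = bytes(range(16))  # constructed sample fingerprint, not a real key
    cells = key_image_cells(fp)
    print("exact description:", describe_exact(cells))
    print("dark-only description:\n" + describe_dark_only(cells))
    forged = forge_same_dark_image(fp)
    print("original:", fp.hex())
    print("forged:  ", forged.hex())
    print("same dark-only image:",
          describe_dark_only(key_image_cells(forged)) == describe_dark_only(cells))
    print("fingerprints sharing that dark-only image: 2^%.1f"
          % math.log2(dark_only_collision_count(cells)))
```

The exact reading gives the full 128 bits; the dark-only reading carries at most 64 bits (one bit per cell), and for a typical image most cells are light, so an attacker controlling the key exchange has an enormous set of keys that produce the same spoken description.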


Man-in-the-middle attacks are so easy and cheap to set up. Just use a few wireless access points, pop them up around town, install something like Jasager and a 3G dongle. Phones like to connect to known networks and will happily connect to your rogue access point if you tell them that you are exactly the AP they are looking for.

So, any system that claims to be secure must factor in MitM.

More information on this, and on how easy it is to trick devices, can be found at Troy Hunt's website [0] and at WiFi Pineapple [1].

[0]: http://www.troyhunt.com/2013/04/the-beginners-guide-to-break...
[1]: https://wifipineapple.com/


You sure seem to like Telegram. Also, please don't use "butthurt".


People need to stop posting his shit here, it's basically linkbait he's using to pimp his Whisper service. He's the worst kind of troll.


Moxie? He is kind of a real expert in everything crypto and, instead of using the phrase "military grade encryption", WhisperSystems actually explains what they do and how they do it.

His posts are very well written and understandable, even for non pros (with a pinch of sarcasm, but that's how I like it). So, where exactly is he trolling?


I think you'd be more likely to find him trolling on the ocean.

http://www.blueanarchy.org/holdfast/


... looking for herring. Red ones, preferably :)


Wow, there are so many world-famous cryptography experts in this thread!

And it's interesting why you think that it's not possible to read most of the cryptography/cryptanalysis books and check for common implementation mistakes afterward. Do you really think that this is THAT hard?

Your scepticism would be understandable if they used their OWN crypto algorithm. However, their protocol is based on well-known strong crypto.


Yes, it's THAT hard. I've read many good books and still feel bad looking at my first attempts at protocol design.

BTW, the IGE cipher mode isn't well known for being strong.


There is a lot more to secure protocol design than just stringing together commonly accepted standards, unfortunately.

There are a great many ways you can leave gaps that mean a hacker can circumvent your security arrangements, and we are sceptical because we've seen it done wrong so many times before that it is healthier to take the pessimistic view (assume it is wrong and be pleasantly surprised if it isn't, rather than unpleasantly surprised if/when it turns out not to be).

