Speaking of the vulnerabilities that our team found, here is our blog post about it and a link to our report and the GitHub issue tickets that we opened: Here is our blog post about our audit of Cryptocat, which was also announced today: https://leastauthority.com/blog/
I just posted a comment on the SpiderOak blog about how I was rather startled when I found out that they had waited until after we did the security audit before they informed us that they knew about bugs going in:
However, after I got over my surprise, I started thinking that this was a really good move on SpiderOak's part. If you hire a security auditor, it might be hard for you to tell whether you're getting value for your money. Leaving known bugs in the code and then observing whether the auditors find them is potentially a good way to overcome that.
Mind you: this will make life harder for us in the security auditing industry if this practice takes off. ☺
You could consider using Tahoe-LAFS instead of BitTorrent Sync. Tahoe-LAFS is open source and stable, but it isn't a clone of btsync, and it might not fit your purposes.
Thanks for sponsoring the Telegram product. (Even though I think what they are trying to do could be done much better.)
Could you please ask the Telegram team to post the exact contents of the first message that Paul sent to Nick, except with the secret email address X'ed out? I explained in https://news.ycombinator.com/item?id=6937631 that if the MT protocol is secure, then there is no risk in posting such a "known plaintext", so the Telegram team should have no problem posting it.
-------
Q: Does Paul send the same message to Nick every day?
No, just as in real life, Paul's messages to Nick can be different each time. The only thing that doesn't change is the secret email address in his daily messages.
Q: Could you provide an example of Paul's message to Nick?
Sure. The message may look like “Hey Nick, so here is the secret email address for the bounty hunters – {here goes the email}”.
-------
There are some things that I don't understand about the structure of this contest. Why is the target secret an email address rather than a magic word like "squeamish ossifrage"?
I asked for “examples of the actual message”, and you posted a possible example, but what I meant to ask for was actually the exact text of one of the messages. Except, of course, with the target string (the email address) replaced by X's.
For redditors following along, getting a (partial) copy of the exact message that was sent would be an example of what cryptographers call (partial) "known plaintext". If your cryptosystem is secure against Known Plaintext Attack, then it doesn't matter if an attacker (me) gets copies of some of the messages. If your cryptosystem is insecure in this model, then your users have to be careful with what they type into their messages. For example, they might need to be careful not to cut and paste long strings from other sources, or to otherwise insert strings into their messages that their attacker might guess.
All good, modern cryptosystems are secure in the Known Plaintext Attack model! (And, in fact, all good, modern cryptosystems are secure in much more rigorous models in which attackers get more powers beyond peeking at plaintext.)
So if the makers of Telegram are confident in the security of their protocol, they should have no problem posting the complete, verbatim text of the first message that Paul sent to Nick, with the target email address replaced by "XXX"'s.
Taylor Hornby has written a good introductory explanation of the Known Plaintext Attack model and the more powerful attack models, in the context of the Telegram cracking contest:
A simple way to understand the gravity of this: the Nazis' Enigma machine was broken with a known-plaintext attack, a.k.a. a Turing Bombe break. Furthermore, it was the known plaintext of previously decrypted messages that was used in further attacks against new keys issued by the Nazis.
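The known-plaintext model described in the comments above, as an added example that is not part of the original comments and is not Telegram's MT protocol: the same X'ed-out message is used against a toy repeating-key cipher, which leaks the masked address, and against an HMAC-based keystream, which does not. The address, key size and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, modelled on the example message quoted above; the address is made up.
TEMPLATE = "Hey Nick, so here is the secret email address for the bounty hunters - {}"
SECRET = "bounty@example.invalid"
MESSAGE = TEMPLATE.format(SECRET).encode()
KNOWN = TEMPLATE.format("X" * len(SECRET)).encode()      # the X'ed-out copy that would be posted
MASK = range(len(MESSAGE) - len(SECRET), len(MESSAGE))   # byte positions hidden by the X's


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def weak_keystream(key, n):
    """Toy cipher that is NOT secure against known plaintext: the key just repeats."""
    return (key * (n // len(key) + 1))[:n]


def prf_keystream(key, n):
    """HMAC-SHA256 in counter mode (one message per key here; no nonce or authentication)."""
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def recover_masked(ciphertext, known, period):
    """Fill in the masked bytes from keystream seen at known positions, assuming it repeats."""
    leaked = xor(ciphertext, known)
    by_phase = {i % period: leaked[i] for i in range(len(known)) if i not in MASK}
    return bytes(ciphertext[i] ^ by_phase[i % period] for i in MASK)


def demo():
    """Return what the X'ed-out copy reveals under each cipher."""
    key = secrets.token_bytes(16)
    weak_ct = xor(MESSAGE, weak_keystream(key, len(MESSAGE)))
    strong_ct = xor(MESSAGE, prf_keystream(key, len(MESSAGE)))
    return (recover_masked(weak_ct, KNOWN, 16),
            recover_masked(strong_ct, KNOWN, 16))


if __name__ == "__main__":
    print(demo())
```

Under the repeating key, the keystream observed at the known positions is the keystream at the masked positions, so the address falls out; under the HMAC-based keystream the known positions say nothing about the masked ones.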
https://leastauthority.com/blog/