Comment by grishka
3 years ago
I'd like to add that MTProto is impossible to MITM because there are no trusted third parties. The handshake that happens before the user logs into their account includes a step with RSA. The public keys for that step are hardcoded into clients.
To anyone who wants to complain about Telegram not encrypting chats by default and using "homebrew crypto" I'd like to say that it's XMPP we're discussing here. Telegram offers marginally better security than XMPP over TLS. The "homebrew crypto" is still not broken in 10 years and not for the lack of trying.
> Telegram offers marginally better security than XMPP over TLS.
I think you should compare apples to apples, that is, end-to-end encrypted XMPP using OTR/OMEMO/PGP. However, I agree that many XMPP clients were UX disaster when using E2E.
End-to-end encrypted XMPP should be compared to Telegram's secret chats then. Both are opt-in and both aren't very popular among users of these services.
A lot of clients have OMEMO on by default now. You can’t enforce it for all clients & across the entire network tho as XMPP is a ‘simple’ protocol without a let of bells & whistles meant to be eXtended like OMEMO/OTR/PGP built atop it. With the newer compliance suites tho, to be considered ‘modern’ OMEMO & other e2ee options are expected to be supported. Gajim makes the UI easy, & Conversations isn’t bad. Profanity is a bit more obtuse to use since you need to trust your own keys manually too & they’re not autocompleted, but all the tools are there even for a TUI client.
XMPP over TLS is secure though. Of course that is for the transport as the name implies. The difference to e2e is the same. Although if one party of any e2e exchange is compromised, you would have similar problems.
> The public keys for that step are hardcoded into clients.
Yeah, and the private keys are shared with Roskompozor.