Comment by taminka
17 hours ago
can anyone explain why telegram doesn't use an audited e2e implementation? is it really because they wanted more convenient and faster cross-device sync? have they been threatened and/or backdoored by the fsb? they basically stole vk from him, but left him alone w/ telegram?
it's suspicious, but at the same time, iirc, nobody's been able to find a vulnerability in their encryption protocol :shrug
People have found vulnerabilities in MTProto.
IIRC, they had even started out with basic mistakes like MAC-then-encrypt.
The first version of MTProto was found to have weaknesses.
The reason they rolled their own was because it came out before the Double-Ratchet/Axolotl protocol, and OTR (which double-ratchet is essentially based on) was extremely inconvenient to use properly and had its own weaknesses.
> The reason they rolled their own was because it came out before the Double-Ratchet/Axolotl protocol, and OTR (which double-ratchet is essentially based on) was extremely inconvenient to use properly and had its own weaknesses.
this actually makes a lot of sense lowkey, thanks :)
1, 2) NIH syndrome. 3) We don't know. 4) Expropriation isn't "basically stolen"; Telegram was a tiny side project at the time.