Comment by hkpack
6 hours ago
What does heavily encrypted even mean? Fully encrypted? Slightly encrypted? Encrypted enough to call it “heavily encrypted” but not enough to be protected from whoever is interested?
6 hours ago
What does heavily encrypted even mean? Fully encrypted? Slightly encrypted? Encrypted enough to call it “heavily encrypted” but not enough to be protected from whoever is interested?
telegram is the safest encrypted messaging app. Period, full stop.
>telegram is the safest encrypted messaging app. Period, full stop.
Yes, let's see
* Not end-to-end encrypted by default
* No end-to-end encrypted groups
* No end-to-end encryption on any desktop client by the vendor, forcing cross-platform users to drop secret chats. This includes 81% of working age people who sit on their computer during work day, and 100% of college students and IT workers.
* No post-quantum key exchange
* No future secrecy
* No per-message forward secrecy
* Bullshit claims about distributed keys https://eutoday.net/pavel-durovs-secret-visits-to-russia/
I can't scream "drop & run" loud enough.
Telegram has nothing to do with Russia, other than having a Russian founder, and the Ukrainian military has literally relied upon it in the past, along with many Ukrainian civic services. You people are just racist towards Russians and need help.
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
I love how the author of your honeypot blog post has nothing concrete other than potential attack vectors and is like "Well this is obviously a Russian honeypot" with no evidence what so ever other than a claim that there are plain text device identifiers, which is something the FSB would do. [insert clown emoji]. You can do similar attacks on signal and whatsapp.. Why is it that the Russian one bothers you so much?
6 replies →
Heavily means the key is large so it takes longer to crack, but also longer to encrypt/decrypt, so the service is more costly to run and slower. At least I've seen it used that way
There's nothing slow about AES.
In this context "heavily" means "we can't legally claim it's end-to-end encrypted because it's not".
Also it's not even post quantum, so it's not heavy. Telegram's Diffie-Hellman breaks instantly with a quantum computer large enough to run Shor against it.
Also, the keys sit on the servers' RAM, no matter what they lie. There is no global distributed RAM system, especially one that encrypts data in distributed fashion and works at the negligible latencies that Telegram boasts.
It's not slow though so that's clearly not it. It's just a marketing intensifier here