Comments (8)
Re-enabling SecretChat: Merits of upgrading & caveats
Upgrading worked, secret messaging is now a thing again - thanks for your help.
It is however a bit more difficult with the new API to transition all past chats into a "Secret Chat Cancelled" state when one uses Destroy(). I find this deceptive from the user perspective, but I can understand how this would be more efficient at the server side by requiring less statefullness to be cached. However, switching between previous binaries and fooling around with version numbers indicate the requisite data is being store anyways so the efficiency/performant argument is moot.
You are clearly logging everything and keeping it in a stateful structure at the ready.
Which begs the question, why doesn't LoadChats() actually load the list of chats? The data is there, so the only upside is identity hijacking. Stop obfuscating.
I think you need to prove you aren't just another NSA drone and do the obvious things that are materially useful for user safety & privacy and stick to it. Otherwise, your demise soon draws near. I.e., always do the right thing: right now, you are not.
API Noise or: How you learned to stop securing and love UX
Also the following server messages are very noisy since the update - please don't make the mistake of UX over user safety:
TdApi.UpdateInstalledStickerSets ||
TdApi.UpdateAccentColors ||
TdApi.UpdateProfileAccentColors ||
TdApi.UpdateAnimationSearchParameters ||
TdApi.UpdateActiveEmojiReactions ||
TdApi.UpdateDiceEmojis ||
TdApi.UpdateChatThemes ||
TdApi.UpdateTrendingStickerSets
(Erich is doomed and SVCode is being developed as we speak, with proper security protocols in place - don't be VSCode).
Rebuttal
As "irrelevant" as you claim my comments about encryption might be, they certainly are salient and relevant and your dismissal is telling, thus I must elaborate:
-
The API provides no visibility into the cryptosystem, key strength or any way of verifying signatures for secret chats, which leaves one open to direct cryptographic trapdoor attacks and to MITM attacks when doing end-to-end encryption.
-
I posit that the current implementation of Telegram has actually been intentionally weakened and that calling it "end-to-end encryption" is a stretch - prove me wrong.
I welcome you to prove me wrong on the above. And so would your users. Make me the bad guy by making your API better and proving me wrong.
Moving forward for the benefit of all
Let me know if you want to discuss further on how to harden the protocol. The current changes are diverging away from a security by design, secure by default philosophy and cannot be trusted for secure e2e communications in it's current form.
At least it does however work (in it's currently debilitated realization of a once grande ideal).
Given recent press about Telegram defaulting to insecure communications, perhaps we should have the conversation about how to make it more secure?
@see https://medium.com/secure-words/your-messages-on-telegram-are-not-encrypted-the-platform-is-not-as-private-as-you-think-d14a6342928d
I'd hate to think that you were eaten by wolves without appropriate due-diligence. I don't mean to get zk-SNARKy, but:
- PS. ECDSA is a crock.
- PPS. Argon2 is cool - use it.
- PPPS. OpenSSL is an NSO sploit waiting to happen. You can't guarantee "no vulnerabilities"
- PPPPS. It surprises me that you have financial hooks in the User/UserFullInfo objects but no means of verifying the various elemental components relating to financial transactions. Do you even Banking bro?
Epilogue:
I don't offer any apologies if the above offends your agenda, but please accept my most humble and apologetic assistance if you motivation and execution is pure. If would like me to lean in and make Telegram better; like a properly open competitor to "AGPL" Signal (pft! socialists!), then please do.
If you don't release a truly open and practically useful API, then we will build something into SVCode to replace you, Signal, Whatsapp and Telegram that resolves the metadata problem once and for all and is truly open, secure, safe and grounded on the sound principles of hyper-accelerated capitalism.
Fin:
Best Regards,
.\p on CS
from td.
You can check the key as documented: "This is a string of 36 little-endian bytes, which must be split into groups of 2 bits, each denoting a pixel of one of 4 colors FFFFFF, D5E6F3, 2D5775, and 2F99C9. The pixels must be used to make a 12x12 square image filled from left to right, top to bottom. Alternatively, the first 32 bytes of the hash can be converted to the hexadecimal format and printed as 32 2-digit hex numbers"
from td.
By the way, secret chats must work in the precompiled version with any up-to-date Telegram app. If they don't then a ticket must be created against the app with which they don't work.
To avoid MITM you just need to compare secretChat.key_hash
with the other party.
from td.
Also you might want to consider BoringSSL. The world is moving away from OpenSSL as the code base is too complex and the attack surface is proving unmanageable and fundamentally insecurable. BoringSSL was written by Google to address this issue and the API is almost a 1:1 drop in replacement.
It is also recommended that one uses 4096-bit public key exchange. A 1024 bit DH or RSA key exchange generates >= 80 bits and <= 96 bits of key material which is then zero-padded before being used as a symmetric key for the subsequent AES-128 encrypted channel that opens. AES-96 is not very strong, and zero-padding the key makes it even weaker.
Also AES-128 is no longer considered particularly strong by today's standards. One should use at least AES-256 or ideally AES-512 where possible. The latter would require an ECC key exchange of significant length as it is computationally onerous to generate such key lengths using classical asymmetric key exchange such as Diffie-Hellman or RSA.
from td.
There were no fixed OpenSSL security vulnerabilities that affect TDLib.
TDLib supports building with BoringSSL instead of OpenSSL, but this isn't recommended. https://github.com/google/boringssl/blob/master/README.md: "Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it."
BoringSSL also has some changes, which negatively affect TDLib's security.
Other thoughts about used encryption are also irrelevant.
You can build the latest TDLib for Android following https://github.com/tdlib/td/tree/master/example/android. Precompiled binaries will be deleted with the next minor TDLib update being surpassed by the example.
from td.
I'll check it out.. 👍
from td.
So, how does one find secret_hash in the regular IOS/Android UI? And what about cryptosystem info?
from td.
Thanks... that's useful.
from td.
Related Issues (20)
- How do I upgrade tdlib from version 1.8.10 to the latest 1.8.25 on Ubuntu? HOT 1
- How can I log in to my account using .session files or session string? HOT 1
- how to in python? HOT 11
- In Java, I called ClearImportedContacts but did not clear the contacts I imported. Why? HOT 1
- The application does not open and this error appears. Please respond quickly HOT 2
- In what case will updateMessageInteractionInfo's `interaction_info` be null? HOT 2
- Get a premium limit for pinning topics in the forum HOT 3
- Upgrade pattern HOT 2
- Large growing native memory usage by the Java app which uses tdlib HOT 5
- Changes in updateChatLastMessage Event HOT 1
- TdApi.DownloadFile HOT 4
- A few minutes after logging into my tdlib, the account becomes Deleted Account HOT 2
- bilal HOT 1
- [ASK] Is there an example of how to use the video/voice call feature? HOT 1
- moving app to a different computer HOT 3
- How can I get pinned chat messages? HOT 1
- toggleMessageSenderIsBlocked This function was not found HOT 1
- how to get premium extension date HOT 1
- Need manually free return memory when use td_receive in ptyhon ? HOT 3
- [Advice] Need to find out if there're a way to fix an .ogg file broken due to using pause during recording the voice HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from td.