points by paveldurov 12 years ago

I'm afraid breaking into Telegram's central server (by the way, there is no such thing) will hardly enable you to decipher end-to-end encrypted secret chats. But certainly worth trying anyway.

nwh 12 years ago

It will allow you to conduct a man-in-the-middle attack on all encrypted traffic though, which would certainly be enough to read messages in plaintext.

  • paveldurov 12 years ago
    • sneak 12 years ago

      This is irrelevant - the "secret chat" mode is not the default (according to someone else in this thread) and you're just shoving the key verification process off on to the user with these silly graphic patterns (which, if OTR is any indication, the user won't verify anyway).

      This is still vulnerable to server-side _key_ MITM. It's the hushmail/iMessage/etc silent escrow key attack.

      • nwh 12 years ago

        The interesting thing with the graphic patterns is that they're lossy. If you assume that a person will just describe the pattern or show a picture of them to one another, it becomes fairly easy to forge them.

        http://telegram.org/img/key_image.jpg

        Blue in the top and bottom, white line through the middle. So little information that anybody could simply brute force the keys until they found one that matched the description well enough.

        I'd happily write a little attack for that, but it's clearly not "breaking" the system enough for the bounty.

        • sneak 12 years ago

          Someone did exactly this "fuzzy fingerprint" attack for ssh host keys in 2003:

          https://www.thc.org/papers/ffp.html

          • nwh 12 years ago

            That was a very good read that I wasn't aware of, thanks for the URL.

    • h0cked 12 years ago

      unauthenticated Diffie-Hellman key agreement is known for MITM attack.

cantfindmypass 12 years ago

Is there a staging server I can have root on?