- Language
- 🇺🇸
- Joined
- Jul 26, 2024
- Messages
- 13
- Reaction score
- 10
- Points
- 3
- Deals
- 3
Telegram Messenger is a cross-platform encrypted instant messaging application, available in a freemium model and hosted in a cloud. Based in Dubai, Telegram has more than 900 million users.
But.. Is that enough?
Sure, 75% of them are satisfied with their services but that is not argumentative.
I will explain to you how it works.
Before inquiring about the security of a platform, do not ask them themselves because they will do everything to rationalize you and ensure the "best".
Telegram uses their own encryption protocol called "MTProto", MTProto uses the AES (Advanced Encryption Standard) algorithm for symmetric encryption.
To ensure data integrity -> MTProto uses the SHA-256 hashing algorithm. This algorithm produces a 256-bit digest of the message, which makes it possible to check if the data has been modified.
For secure key exchange -> MTProto uses RSA (Rivest-Shamir-Adleman). RSA is an asymmetric encryption algorithm that uses a pair of keys (public and private) to secure the exchange of symmetric keys between the parties.
Communication Security Protocols -> MTProto also integrates protection mechanisms against common attacks, such as replay attacks or man-in-the-middle attacks. This includes the use of temporary keys and key generation protocols.
If we now look at these encryption techniques we can see that multiple vulnerabilities have been found in the archived past and in the present:
-> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45312
Here is a slightly more detailed source: https://cve.netmanageit.com/cve/CVE-2023-45312
-> Published : 2023-10-10 21:15
As the vulnerability code indicates this specific vulnerability is recent.
-> CWE-94
This CWE code means "Improper Control of Generation of Code ('Code Injection')"
And this is part of a severe level vulnerability.
Telegram makes multiple updates to its protocol but this is not enough because what is encrypted is decryptable and there will always be a vulnerability.
I'll stop there because otherwise I would have to write several paragraphs about the telegram encryption algorithm.
If you want to use a better encrypted messaging for anything else, use keybase or if you absolutely want to use telegram, encrypt your content yourself.
But.. Is that enough?
Sure, 75% of them are satisfied with their services but that is not argumentative.
I will explain to you how it works.
Before inquiring about the security of a platform, do not ask them themselves because they will do everything to rationalize you and ensure the "best".
Telegram uses their own encryption protocol called "MTProto", MTProto uses the AES (Advanced Encryption Standard) algorithm for symmetric encryption.
To ensure data integrity -> MTProto uses the SHA-256 hashing algorithm. This algorithm produces a 256-bit digest of the message, which makes it possible to check if the data has been modified.
For secure key exchange -> MTProto uses RSA (Rivest-Shamir-Adleman). RSA is an asymmetric encryption algorithm that uses a pair of keys (public and private) to secure the exchange of symmetric keys between the parties.
Communication Security Protocols -> MTProto also integrates protection mechanisms against common attacks, such as replay attacks or man-in-the-middle attacks. This includes the use of temporary keys and key generation protocols.
If we now look at these encryption techniques we can see that multiple vulnerabilities have been found in the archived past and in the present:
-> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45312
Here is a slightly more detailed source: https://cve.netmanageit.com/cve/CVE-2023-45312
-> Published : 2023-10-10 21:15
As the vulnerability code indicates this specific vulnerability is recent.
-> CWE-94
This CWE code means "Improper Control of Generation of Code ('Code Injection')"
And this is part of a severe level vulnerability.
Telegram makes multiple updates to its protocol but this is not enough because what is encrypted is decryptable and there will always be a vulnerability.
I'll stop there because otherwise I would have to write several paragraphs about the telegram encryption algorithm.
If you want to use a better encrypted messaging for anything else, use keybase or if you absolutely want to use telegram, encrypt your content yourself.