Hacker News new | past | comments | ask | show | jobs | submit login

>It is fixed now, though

I think this is utterly irrelevant. Telegram deliberately shipped a backdoor, removing it after they got caught doesn't change anything at all.

>which the thread does not conclusively say, just "backdoor looking" which sounds like either Telegram invented some unknown crypto that allows them to create a backdoor without anyone else having access, or an unfortunate mistake

Look, I'm not going to speculate on what some individuals may or may not think about this in private. However, many people would not be comfortable making such direct accusations in public.

>though I would not put it as black and white as "they backdoored it" when that is not actually certain

This is as certain as it could ever be, I'll refer you to this comment that worded the explanation better than I would https://news.ycombinator.com/item?id=17621104

If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

What do you think would be sufficient evidence to call this a backdoor?

>If you want to put it like that, you could also say that every vulnerability in the world could have been placed there intentionally

That assumes this was anything like every other vulnerability, which isn't true.




So I disagree with a lot of what you wrote, but the basic claim about the backdoor was something I am interested in so I clicked through and translated some of the Russian.

That totally looks like a backdoor.

How is this not common knowledge? Like, if the reason is indeed against a bad RNG, then why not xor the server's "random" number into the private key instead? Since the server does not know the value of that (as opposed to the shared key it establishes with Bob) and (if my limited understanding of math is sufficient) the private key is what is protected by the discrete logarithm problem, there should (afaict) be no possibility of backdooring the resulting shared secret. You would be mixing the server's number into a random number, which with xor gives an equally unpredictable result. Or, y'know, solve the badly seeded RNG by adding a seed to the RNG (such as by xor'ing an output of the current state with the number from the server).

It looks like I started using Telegram about four months after this was posted on Habr, and I think I was relatively early in using it. Maybe Telegram just wasn't very well-known yet and therefore nobody cared enough to make a big issue about it? "Backdooring" is also quite a hype word, I noticed somewhere last year that every third vulnerability was being called a backdoor, so perhaps tech media wasn't as quick to use that word back then? Then again, the Snowden leaks were ongoing, so it's not as if mainstream tech media wasn't talking about backdoors already in December 2013. I don't know, it's weird, this totally looks like it could have been designed in a million different ways and this is quite likely to be intentional.

Thanks for the link to a post which links to the technical details (albeit in Russian) complete with an example of how it could be exploited, that is indeed what I "think would be sufficient evidence to call this a backdoor".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: