OK, nije da ti (namjerno) proturječim, samo velim, previše toga se još uvijek događa povezano s Telegramom da bi cijela stvar (barem meni) djelovala sigurno.
Jasno da je vrlo vjerojatno sigurniji od aplikacija koje društvene mreže guraju u svojim paketima, ali jednostavno se nakupilo uspješnih iskorištavanja Telegrama u kojekakve maliciozne svrhe.
Znaš da većina prosječnih korisnika samo instalira aplikaciju bez da uopće ulaze u postavke, a Telegram nema po defaultu uvijek uključenu enkripciju. Mada tak svejedno. Odavno je otišla privatnost kroz prozor Interneta.
Citiraj:
Citiraj:
|
Also, particular attention must be paid to side-channel attacks, such as on timing or traffic analysis. A potential issue concerning the correct implementation of clients is about the fact that a server can craft malicious DH parameters, e.g., choosing generators that make discrete logarithms significantly easier to compute or choosing non-primes that pass the 15-round Miller-Rabin test. To prevent the first attack, MTProto prescribes that clients verify that the values received from the server are valid. However, as far as we can see, MTProto 2.0 still suffers from the latter vulnerability. A possible improvement is to require clients to check the proposed primes by means of deterministic primality algorithms, such as AKS and Lenstra-Pomerance. Correct user behaviour is crucial in order to prevent MITM attacks in secret chats.
|
Izvor: Automated Symbolic Verification of Telegram’s MTProto 2.0
|