Telegram Messenger - secure, free messaging for iPhone and Android

Telegram Messenger - secure, free messaging for iPhone and Android.

-- Tom

 

They are cloud based...

 

A blog post on this app:
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
There is a discussion with a dev in the comments, perhaps someone who has a good understanding of crypto can comment on that?

 

the problem of all these (I think also about Wickr, etc.) is that nearly nobody uses them. It's the same story of GPG....effective but unusable.

 

Yes, but perhaps that will change a bit with Facebook acquiring Whatsapp. Two people I know switched to Telegram today because of this, even though they both use Facebook and Whatsapp.
If enough people can convince their contacts to use a secure alternative, then it can get a foothold. Then the argument that nobody uses them becomes less valid and it can slowly grow towards becoming more mainstream.

 

Hi BMW,

The linked article in your post said it all:

-- Tom

 

Yes I know, but the developer counters most of it in the comments and they offer $200.000 bounty to break it:
https://telegram.org/crypto_contest

 

Just found another app:

https://www.myenigma.com/

i've installed it to try it, but I have no contacts using it...

 

Saw that one too, but this doesn't give much confidence:
https://www.ssllabs.com/ssltest/analyze.html?d=www.myenigma.com

 

ok, but is that report relevant to their website or to their app?

 

It's about the website so not that important, but if the devs have good crypto knowledge why support obsolete, weak ciphers?

 

Right.

Meanwhile, another comment on Telegram:

http://thoughtcrime.org/blog/telegram-crypto-challenge/

 

Telegram Saw 8M Downloads After WhatsApp Got Acquired

http://techcrunch.com/2014/02/24/telegram-saw-8m-downloads-after-whatsapp-got-acquired/

 

To me, it is totally confusing that crypto folks "assume" closed-source software and service Threema is secure, yet bash Telegram Messenger. Just because Threema has a bunch of famous names to through around and some fancy pants NaCl encryption, doesn't mean the implementation is secure. Has it been independently audited? If a third-party has not yet audited a paid service such as Threema, that is bad form. I asked the same thing of the MyEnigma folks and received no response.

I don't think Threema is the right chat software for the masses, whom WhatsApp and Telegram are designed. There are entry barriers for Threema: closed-cource crypto, up front fee and re-establishment of the social graph to name a few.

Enter Telegram Messenger. So they rolled their own crypto? I think that's innovative and that's what irks the crypto "experts". Telegram appears to be using "old" or "weak" or "confusing" crypto according to the "experts". A bunch of math wizzes cooked up the crypto for Telegram. They have documented their system. They invite feedback and hacking. Has anyone actually broken their crypto?

This is the main point. I am starting to become very suspicious of the crypto "experts" on the Internet who attack the theory or design with no proof of the actual implementation being insecure. Reading their theoretical analysis on Telegram confuses the layman. My take is the reason Telegram devs chose to roll their own crypto is purposefully avoiding the popular and newest forms of crypto, like the stuff Moxie has done with TextSecure. It seems crypto "experts" are uninterested in old crypto used in innovative new ways. But maybe I am just naive?

Where is the proof messages are intercepted and read by someone other than the intended recipient? IMHO, all other arguments regarding Telegram's crypto are moot until then.