Lemdro.id

-2 points

1 month ago

It’s open source. Look can up the encryption yourself.

report

[ - ]

Varcour@lemm.ee

21 points

1 month ago

No need, all you have to do is read the whitepaper. they home brewed the encryption algorithm and nobody actually knows if it’s worth a damn. That’s not exactly a secret.

report

Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com

[ - ]

4 points

1 month ago

And it isn’t even encrypted by default, you manually have to enable that. By default, all your plain text messages are stored on their servers.

report

[ - ]

3 points

1 month ago

nobody actually knows if it’s worth a damn.

After all these years, security researchers still don’t know if the encryption is any good?

report

[ - ]

HarriPotero@lemmy.world

11 points

1 month ago

On that level it usually falls on computer scientists. Formal methods can prove that any implementation is correct, but proving the absence of unintended attacks is a lot harder.

Needham-Schroeder comes to mind as an example from back when I was studying the things.

report

[ - ]

-1 points

1 month ago

On that level it usually falls on computer scientists.

And not a single one has been able to analyze the encryption in all these years? Fact is, Telegram is the tool the Russian opposition and even Ukrainians use to communicate without Putin being able to infiltrate.

report

[ - ]

HarriPotero@lemmy.world

2 points

1 month ago

No. It kind of falls on Dijkstra’s old statement. “Testing can only prove the presence, not absence of bugs.”

You can prove logical correctness of code, but an abstract thing such as “is there an unknown weakness” is a bit harder to prove. The tricky part is coming up with the correct constraints to prove.

Security researchers tend to be on the testing side of things.

A notable example is how DES got its mixers changed between proposal and standardisation. The belief at the time was that the new mixers had some unknown backdoor for the NSA. AFAIK, it has never been proven.

report

Show more comments

[ - ]

doodledup@lemmy.world

12 points

1 month ago

They don’t have reproducible builds afaik (unlike Signal). You can have a completely different code running on your phone than on GitHub.

Besides, who is using Secret Chat anyways? All default chats and group chats are unencrypted.

report

[ - ]

0 points

1 month ago

You can have a completely different code running on your phone than on GitHub.

Just use the F-Droid version if there is any doubt.

Besides, who is using Secret Chat anyways?

Probably Russians who used Signal before.

report

[ - ]

doodledup@lemmy.world

7 points

1 month ago

The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

report

[ - ]

1 point

1 month ago

The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.

report

[ - ]

Nonononoki@lemmy.world

1 point

1 month ago

It’s reproducible if you compare it with F-droid’s tarball, which has all the source code in it.

report

[ - ]

3 points

1 month ago

Can it be proven that that encryption is what’s used in practice?

report

[ - ]

-5 points

1 month ago

Just use the F-Droid version if there is any doubt.

report

Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com

[ - ]

2 points

1 month ago

What about iOS users?

report

[ - ]

1 point

1 month ago

What about iOS users?

Apple is not selling iPhones in Russia after the beginning of the invasion.

report

Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com

[ - ]

1 point

1 month ago

Ah yes, because everyone just throws away their phone after 2 years. People definitely haven’t purchased iPhones before the invasion.

report

[ - ]

1 point

1 month ago

It’s not about everyone, it’s about people needing to hide their communication from the Putin regime.

report