Man
Professional
- Messages
- 3,087
- Reaction score
- 627
- Points
- 113
A couple of days ago, Elon Musk recommended using the Signal messenger on Twitter, not without consequences.
However, in December 2020, the media reported that the well-known hacker company Cellebrite had cracked the encryption of this crypto-messenger.
Readers prefer not Signal at all for secret correspondence, but secret Telegram chats (at least among those who took part in our survey).
First, we need to talk about the Signal encryption "hack". It turned out that the scientist had raped the journalist out of habit. Not only did Cellebrite fail to crack the encryption, but they never claimed to, and all the hype came from an article on the BBC website with a clickbait headline, because journalists misunderstood the essence of the Cellebrite article.
Cellebrite probably has qualified specialists. Their equipment and software are used in forensic examination, specifically, to extract the contents of confiscated smartphones by law enforcement agencies around the world (see the company's leaked customer database).
But in this case, Cellebrite disgraced itself a little - and by now has deleted the article, or rather, reduced it to a summary without technical details under a different headline (although at first, this address actually returned a 404 error). In order not to provoke such hype.
True, the article itself was a bit pompous and funny. A loud headline. And there are such pearls:
That is, the experts proudly told about their achievements, but they were laughed at. The conversion of the message history from the dump to a text file was given under the heading "Code Cracking", and the simplest things were described with such pathos that it looks like satire. Well, and then the story was misinterpreted in the media, which did not understand what was being discussed at all.
In fact, the open source messenger Signal is still considered one of the most secure. Its protocol has passed a security audit. The author of the program, Moxie Marlinspike, compares the "hacking" of Cellebrite to taking an unlocked phone and launching any application on it - and thereby allegedly hacking the encrypted system. Or if a person who has a key and a lock at his disposal was considered a lock picker.
No one doubts the security and safety of the Signal protocol. The completely open source code of all clients only adds reliability to the entire system.
Well, what can be said about the MTProto 2.0 protocol in Telegram? Here is a description of the part that is used for end-to-end encryption, that is, for secret chats. Separate scientific groups analyzed the security layer of the first version of MTProto, and the results were extremely disappointing, or rather catastrophic. Many serious errors were found. Of course, Telegram developers fixed these shortcomings in the second version. For example, they switched from SHA-1 to SHA-256 and so on. The scheme looks beautiful.
But the second version has not yet been tested by any independent cryptographers or scientific institutes, as far as we know.
Therefore, in terms of encryption quality and reliability, the choice remains in favor of Signal. It looks like Elon is right.
Source
However, in December 2020, the media reported that the well-known hacker company Cellebrite had cracked the encryption of this crypto-messenger.
Readers prefer not Signal at all for secret correspondence, but secret Telegram chats (at least among those who took part in our survey).
First, we need to talk about the Signal encryption "hack". It turned out that the scientist had raped the journalist out of habit. Not only did Cellebrite fail to crack the encryption, but they never claimed to, and all the hype came from an article on the BBC website with a clickbait headline, because journalists misunderstood the essence of the Cellebrite article.
Cellebrite probably has qualified specialists. Their equipment and software are used in forensic examination, specifically, to extract the contents of confiscated smartphones by law enforcement agencies around the world (see the company's leaked customer database).
But in this case, Cellebrite disgraced itself a little - and by now has deleted the article, or rather, reduced it to a summary without technical details under a different headline (although at first, this address actually returned a 404 error). In order not to provoke such hype.
True, the article itself was a bit pompous and funny. A loud headline. And there are such pearls:
That is, the experts proudly told about their achievements, but they were laughed at. The conversion of the message history from the dump to a text file was given under the heading "Code Cracking", and the simplest things were described with such pathos that it looks like satire. Well, and then the story was misinterpreted in the media, which did not understand what was being discussed at all.
In fact, the open source messenger Signal is still considered one of the most secure. Its protocol has passed a security audit. The author of the program, Moxie Marlinspike, compares the "hacking" of Cellebrite to taking an unlocked phone and launching any application on it - and thereby allegedly hacking the encrypted system. Or if a person who has a key and a lock at his disposal was considered a lock picker.
No one doubts the security and safety of the Signal protocol. The completely open source code of all clients only adds reliability to the entire system.
Well, what can be said about the MTProto 2.0 protocol in Telegram? Here is a description of the part that is used for end-to-end encryption, that is, for secret chats. Separate scientific groups analyzed the security layer of the first version of MTProto, and the results were extremely disappointing, or rather catastrophic. Many serious errors were found. Of course, Telegram developers fixed these shortcomings in the second version. For example, they switched from SHA-1 to SHA-256 and so on. The scheme looks beautiful.
But the second version has not yet been tested by any independent cryptographers or scientific institutes, as far as we know.
Therefore, in terms of encryption quality and reliability, the choice remains in favor of Signal. It looks like Elon is right.
Source
Last edited:
