all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Telegram could implement Forward Secrecy in their clients, but they choose not to

Add to bookmarks
Jan. 16, 2023, 5:46 p.m. | /u/lo________________ol

Privacy & Freedom in the Information Age www.reddit.com

I was recently linked [this document](https://arxiv.org/abs/2012.03141), which contains enlightening information about Telegram's default ("cloud chat") functionality.

> Cloud-based chats do not provide forward secrecy, though: if, at any time, the authorization key of one of the clients is leaked then *all* the messages exchanged by that client can be deciphered.

Interestingly, Telegram has the ability to implement PFS in their cloud chats, but they [choose not to do so](https://web.archive.org/web/20191115095043/https://core.telegram.org/api/pfs).

> This article is about Perfect Forward Secrecy in cloud chats... …

article authorization client clients cloud cloud-based forward key leaked messages perfect pfs privacy secrecy security telegram

Visit resource

More from www.reddit.com / Privacy & Freedom in the Information Age

YouTube's war against third party apps is just as ridiculous as its war on adblockers 3 hours ago | www.reddit.com
adblockers apps party privacy +3
Could an alternative countermeasure be data flooding? 4 hours ago | www.reddit.com
app collect companies data +9
What malware exists in firmware in Chinese made products? 4 hours ago | www.reddit.com
amazon america audits body +19
Google rolls back reCaptcha update to fix Firefox issues 8 hours ago | www.reddit.com
back firefox fix google +3
So, my work... 12 hours ago | www.reddit.com
business businesses client data +11
Why You Should Reconsider Playing League of Legends and Valorant: The Risks of Kernel-Level Anti-Cheat … 13 hours ago | www.reddit.com
anti-cheat awareness care cheat +10
House China panel asks FTC to probe whether TikTok violated child privacy law 13 hours ago | www.reddit.com
child china ftc house +6
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes 14 hours ago | www.reddit.com
crimes don hide privacy +1
One key to rule them all: Recovering the master key from RAM to break Android's … 19 hours ago | www.reddit.com
android encryption file key +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer - Detection and Response

@ Fastly, Inc. | US (Remote)
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Defensive Cyber Operations Engineer-Mid

@ ISYS Technologies | Aurora, CO, United States
View on infosec-jobs.com

Manager, Information Security GRC

@ OneTrust | Atlanta, Georgia
View on infosec-jobs.com

Senior Information Security Analyst | IAM

@ EBANX | Curitiba or São Paulo
View on infosec-jobs.com

Senior Information Security Engineer, Cloud Vulnerability Research

@ Google | New York City, USA; New York, USA
View on infosec-jobs.com
View more jobs