logo
episode-header-image
Sep 2024
1h 4m

Telegram with Matthew Green

Deirdre Connolly, Thomas Ptacek, David Adrian
About this episode

We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!


Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram

Links:

- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
- Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit
- Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf
- MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end
- https://words.filippo.io/dispatches/telegram-ecdh/
- MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation
- OTR: https://otr.cypherpunks.ca/otr-wpes.pdf
- AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf
- Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666
- History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture
- https://securitycryptographywhatever.com/2023/01/27/threema/
- https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/
- https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014


"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Up next
May 19
E2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong Trong
It seems like everyone that tries to deploy end-to-end encrypted cloudstorage seems to mess it up, often in new and creative ways. Our specialguests Matilda Backendal, Jonas Hofmann, and Kien Tuong Trong give us a tour through the breakage and discuss a new formal model of how to ... Show More
1h 2m
Mar 2025
Picking Quantum Resistant Algorithms
Migrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody. "Security Cryptography Whatever" is hosted by Deirdre Connolly ... Show More
14m 56s
Feb 2025
Apple Pulls Advanced Data Protection in the UK with Matt Green and Joe Hall
Apple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however.  To help us make sense of this surprising move from the fruit company, we got Matt Green, Ass ... Show More
48m 30s
Recommended Episodes
Sep 2024
How Telegram Became the Underworld’s Favorite App
A Times investigation has found that Telegram, one of the world’s biggest messaging apps, with nearly a billion users, is also a giant black market and gathering place for the likes of terrorists and white supremacists.Adam Satariano, a technology reporter for The Times, discusse ... Show More
25m 45s
Sep 2024
The Telegram case: Privacy vs security
What are the limits of privacy when it comes to our online lives? If authorities are investigating a crime, should they be able to access private messages sent between two individuals? In this episode of Tech Tonic, John Thornhill interviews Eva Galperin, director of cybersecurit ... Show More
27m 50s
Sep 2024
The Telegram case: Pavel Durov
The FT’s Innovation editor John Thornhill and San Francisco tech correspondent Hannah Murphy have in the past both met and interviewed Pavel Durov, the secretive founder of Telegram who was arrested in France for alleged failure to address criminality on the messaging app. In the ... Show More
34m 52s
Aug 2024
Telegram’s nightmare week
Telegram CEO, Pavel Durov, is under investigation over criminal activity on the messaging app. He spent four days in detention after being arrested when arriving in France and is now barred from leaving the country.Sumi Somaskanda speaks to the BBC's Cyber Correspondent, Joe Tidy ... Show More
26m 35s
Nov 2024
Le Gouvernement français à fond sur l’app Signal ?
L’été a été marqué par l’arrestation de Pavel Durov, le fondateur de Telegram, par les autorités françaises. Bien que le milliardaire franco-russe ait depuis coopéré avec l’État, l’application continue de traîner une mauvaise réputation. En témoigne une nouvelle circulaire adress ... Show More
2m 1s
Sep 2024
Telegram : accès libre aux IP et numéros de téléphone pour les autorités ?
Le patron de Telegram, Pavel Durov, semble avoir opéré un tournant radical depuis qu'il est sous la supervision de la justice française et interdit de quitter le territoire. Connu pour sa résistance aux autorités, il coopère désormais pleinement avec les demandes légales. Ce chan ... Show More
1m 49s
Sep 2024
What's Behind the Arrest of the Telegram CEO?
Pavel Durov, the CEO of the messaging app Telegram, was arrested in France last month. He was charged with a host of crimes, including complicity in distributing child pornography, illegal drugs and hacking software on the app. Matthew Dalton reports on how the charges represent ... Show More
21m 43s
Aug 2024
Telegram : pourquoi ce réseau social inquiète-t-il autant les autorités ?
Pavel Durov, le patron du réseau social Telegram, a été arrêté et placé en garde à vue par la justice française samedi 24 août 2024. Une information judiciaire portant notamment sur des faits commis en bande organisée a été ouverte. Elle met en lumière les multiples controverses ... Show More
4m 24s
Sep 2024
SN 990: Is Telegram an Encrypted App? - CrowdStrike Exodus, DDoS-as-a-Service, 'Active Listening' Ad Tech?
Telegram puts End-to-End Privacy in the Crosshairs Free security logging is good for everyone CrowdStrike hemorrhaging customers Microsoft to meet privately with EDR (Endpoint Detection & Response) vendors Yelp's Unhappy with Google Telegram as the hotbed for DDoSass – DDoS as a ... Show More
2h 9m
Oct 2024
Signal’s Meredith Whittaker on Surveillance Capitalism, Text Privacy and AI
What do cybersecurity experts, journalists in foreign conflicts, indicted New York City Mayor Eric Adams and Drake have in common? They all use the Signal messaging app. Signal’s protocol has been the gold standard in end-to-end encryption, used by Whatsapp, Google and more, for ... Show More
1h 6m