Techly NewsGet the app

Get the latest tech news

The most backdoor-looking bug I've ever seen (2021)


This is the story of a bug that was discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago. The bug didn't get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it's the most backdoor-looking

Diffie-Hellman is a fundamental building block of many cryptosystems, and it allows two parties to establish a shared secret that any eavesdroppers can't derive. In a normal PitM, the server negotiates two separate Diffie-Hellman sessions with Alice and Bob, who end up with different shared keys, which they could detect by comparing fingerprints. Non-practitioners might think this is a reasonable defense in depth, belts and suspenders kind of thing, but in cryptography engineering adding complexity to defend against scenarios that lead to compromise anyway is simply pointless.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of backdoor

backdoor

Photo of looking bug

looking bug

Related news:

News photo

Attackers spread backdoor via eScan antivirus software update process

News photo

How Chinese firms are using Mexico as a backdoor to the US

News photo

Backdoor in XZ Utils That Almost Happened

« Chips and Cheese State of the Union
Object oriented design patterns in the Linux kernel (2011) »