How Telegram Encryption Works

I’m looking at how Telegram uses end-to-end encryption and trying to understand how they achieve it. They make everything available and documented, but my English is not very good and Google Translate confuses me quite a bit.

Link access: https://core.telegram.org/mtproto/description

I won’t ask you to study the description and explain it to me, so I separated out my doubts, which are not many (I think).

Here goes:

Before a message (or a multipart message) is transmitted over a network using a transport protocol, it is encrypted in a certain way, [...]

At this point, when he says it is encrypted in a certain way, I believe he is referring to HTTPS/SSL encrypting the traffic, correct?

[...] and an external header is added at the top of the message, which is: a 64-bit key identifier (which uniquely identifies an authorization key for the server as well as the user) and a 128-bit message key.

I had two crucial doubts there:

1 - Is the header encrypted along with the network transmission?

2 - What are these added keys for? What will they decrypt?

A user key along with the message key defines an actual 256-bit key and a 256-bit initialization vector, which is what encrypts the message using AES-256 encryption with infinite garble extension (IGE). [...]

It’s kind of confusing to me: he used the user key (I think it’s the user identifier) and the message key...? I didn’t understand.

Note that the initial part of the message is encrypted and contains variable data (session, message ID, sequence number, server salt), which obviously influences the message key (and thus the AES key and IV). The message key is defined as the 128 lower-order bits of the SHA1 of the message body (including session, message ID, etc.). Multipart messages are encrypted as a single message.

He meant that what was encrypted contains variable data (session, message ID, sequence number, server salt). What is the server salt? And why does this variable data influence the message key (is the message key what does the decryption?)
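As an added example (not code from the question, the answer, or Telegram), the scheme the quoted description talks about, written out in Go: msg_key is the low 128 bits of SHA1 over the inner data, the authorization key combined with msg_key derives the AES-256 key and 256-bit IV, and the body is encrypted with AES in IGE mode. The auth_key is a constructed stand-in for the value the Diffie-Hellman exchange normally produces, and the exact KDF offsets are my recollection of the MTProto 1.0 text, so treat them as an assumption to verify against the linked page.

```go
package main

import ("bytes"; "crypto/aes"; "crypto/sha1"; "errors")
// msgKey is "the 128 low-order bits of SHA1 of the message body": the last 16 of SHA1's 20 bytes.
func msgKey(body []byte) []byte { h := sha1.Sum(body); return h[4:] }

// deriveKeyIV mixes the 256-byte auth_key with msg_key into a 256-bit AES key and a 256-bit IGE IV.
// Offsets are my recollection of the MTProto 1.0 text (x = 0 client->server, 8 server->client); verify them.
func deriveKeyIV(authKey, mk []byte, x int) (key, iv []byte) {
	s := func(parts ...[]byte) []byte { h := sha1.Sum(bytes.Join(parts, nil)); return h[:] }
	a := s(mk, authKey[x:x+32])
	b := s(authKey[32+x:48+x], mk, authKey[48+x:64+x])
	c := s(authKey[64+x:96+x], mk)
	d := s(mk, authKey[96+x:128+x])
	key = bytes.Join([][]byte{a[:8], b[8:20], c[4:16]}, nil)
	iv = bytes.Join([][]byte{a[8:20], b[:8], c[16:20], d[:8]}, nil)
	return key, iv
}

func xorInto(dst, a, b []byte) { for i := range dst { dst[i] = a[i] ^ b[i] } }

// ige runs AES-256 in Infinite Garble Extension mode: encrypt c_i = E(m_i ^ c_{i-1}) ^ m_{i-1},
// decrypt m_i = D(c_i ^ m_{i-1}) ^ c_{i-1}, with c_0 = iv[0:16], m_0 = iv[16:32]. Input is block-aligned.
func ige(key, iv, in []byte, encrypt bool) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(iv) != 32 || len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("ige: need a 32-byte key, 32-byte iv and block-aligned input")
	}
	cPrev, mPrev := iv[:16], iv[16:]
	out, tmp := make([]byte, len(in)), make([]byte, aes.BlockSize)
	for i := 0; i < len(in); i += aes.BlockSize {
		x, y := in[i:i+aes.BlockSize], out[i:i+aes.BlockSize]
		if encrypt {
			xorInto(tmp, x, cPrev); blk.Encrypt(tmp, tmp); xorInto(y, tmp, mPrev)
			cPrev, mPrev = y, x // this block's ciphertext and plaintext chain into the next block
		} else {
			xorInto(tmp, x, mPrev); blk.Decrypt(tmp, tmp); xorInto(y, tmp, cPrev)
			cPrev, mPrev = x, y
		}
	}
	return out, nil
}

// decryptAndCheck is the receiver's side: recompute key/IV from the header's msg_key, decrypt, then
// confirm that SHA1 of the recovered body reproduces msg_key (a tampered ciphertext fails this check).
func decryptAndCheck(authKey, mk, ct []byte, x int) ([]byte, bool) {
	key, iv := deriveKeyIV(authKey, mk, x)
	pt, err := ige(key, iv, ct, false)
	return pt, err == nil && bytes.Equal(msgKey(pt), mk)
}
```

The msg_key in the external header is what lets the receiver re-derive the key and IV and verify the body, which is why the variable data (server salt, session, message ID) changes the key material for every message.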


1 answer

At this point, when he says it is encrypted in a certain way, I believe he is referring to HTTPS/SSL encrypting the traffic, correct?

No, it speaks of TCP, HTTP or another protocol, as shown in the diagram. It could even be HTTPS, but it probably isn’t. What you need to understand is that this is an application that might use some web technologies, but it is not made for the web, and security/privacy is provided at the application layer. So the transport does not need to be encrypted; the application takes care of that.

As I explained earlier in other answers on the subject, using the application layer is the only way to do "end-to-end".

1 - Is the header encrypted together with the network transmission?

From what I understand of the diagram, no, and it probably couldn’t be done.

2 - What are these added keys for? What will they decrypt?

I would have to study the protocol more deeply. I’ll owe you that one. But the more information that helps verify authenticity, the better.

It’s kind of confusing to me: he used the user key (I think it’s the user identifier) and the message key...? I didn’t understand.

If you cannot understand the whole diagram and the explanations, you will have difficulty doing the right thing if you want to reproduce the same mechanism. I will repeat something I have said a few times: doing something secure is extremely complex and requires specific experience in the area. Willpower alone doesn’t get results. I do hope a security expert can give correct and easy-to-understand answers, but even with that information it will not be easy to do it correctly without a deep understanding of how cryptography, key exchange, etc. work. Actually, with that understanding it will probably be simple to understand this protocol.

He meant that what was encrypted contains variable data (session, message ID, sequence number, server salt). What is the server salt?

According to the definition he provided just below the diagram, it is a server that provides salt keys, which are exchanged periodically. These keys are used to prevent certain types of attack, such as replay attacks. If I’m not mistaken, mgibsonbr gave an example of this in one of his answers on the subject.

The number of possible attacks is large and something new always comes up. Something is secure until the day it stops being. You have to pay attention to everything that happens, because security requires very experienced experts.

And why does this variable data influence the message key (is the message key what does the decryption?)

With varying data it becomes more difficult for attackers to solve the puzzle. Moving targets are harder to hit than fixed ones. This is one of the foundations of security.

The message key is one of the components needed to achieve decryption.

End-to-End encryption

I have not read everything and do not know whether what they provide is, or may be called, end-to-end. I don’t know to what extent they haven’t injected a back door into this. They have control over much of the process; I do not know if this is reliable. In theory it is possible.

They say it can be used on the web. How does this happen directly between endpoints? Are there intermediaries in this case? If there are, does that affect anything? Only by studying its whole operation can one understand whether it really can.

Trust

Putting all the eggs in the same basket, or letting one party have control over the whole process, will hardly guarantee the much-sought-after end-to-end security. It’s even possible, but you have to trust the supplier.

When you use the parts necessary for security from completely different suppliers, with different interests, and above all ones that are publicly audited, which does not seem to be the case with this service, it is already easier to trust.

Hence, offering a single, easy, ready-to-use solution and saying that this is end-to-end seems like a fallacy to me. Not that I’ve seen them claim it except for specific chats, where I have doubts whether it can be done over the web or whether they fulfill everything they say.

Criticism of the service description

There are descriptions that show that this is not absolutely true. The FAQ shows that they rely on the application at the endpoint to give certain guarantees, which is naive. I do understand that complete security can’t be guaranteed; someone might even put a gun to someone’s head on the other side and violate security. But they try to give the impression that there is no way the information can be passed on to third parties even after reaching the endpoint. I know they understand this, but they publish it in a way that the layman buys, on his own, something that is not exactly what the description says.

Even the definition of end-to-end does not ensure that third parties have no access to the information if one of the two ends involved in the end-to-end secure communication provides access. You can’t talk to someone and ensure that no one else will have access to what you write to the other side. This is physically impossible. The idea of information destroying itself borders on the ridiculous. Only the bytes that generated it will be destroyed, not the information.

Completely secret is only what doesn’t leave a person’s brain, and even then :)

Conclusion

They provide useful information for your studies on the subject, which is the Diffie-Hellman key exchange algorithm. There it should show how to exchange keys without interference from third parties, which is essential to the goal. Still, I doubt it can be done over the web. There are indications in the FAQ that it doesn’t.

Anyway, it seems to be more a case of marketing trying to pass a common product off as if it were something revolutionary. Perhaps the only innovation is making it easier to achieve end-to-end privacy in certain circumstances. But I do not know whether this produces some disadvantages or loopholes.

  • Hi, after studying a little of what you provided me, I have some technical doubts about this FAQ. Can I update this or post a new question?

  • Yes, a new question. If you keep changing a question, it becomes a forum. Here questions should be self-contained and with a closed scope.

  • I will post a new question, thank you again.

  • A question about this same thing: I’m still confused about what the server salt is. I read your question but I could not make the connections.

  • I also don’t know exactly what it is; it seems to be something specific to their architecture. From what I understand, the salt codes are changed frequently and to get an updated code one must go to the server.
