[Nottingham] [Talk] Thursday 17/09/2015 - RFI: A brainstormin' last post for email...

Joshua G Lock incandescant at gmail.com
Mon Sep 14 10:39:24 UTC 2015


> On 14 Sep 2015, at 10:31, Jason Irwin <jasonirwin73 at gmail.com> wrote:
> 
> On 13/09/15 23:36, Martin wrote:
>> The last post: Building your own mail server, part 1
>> http://www.theregister.co.uk/2015/09/12/feature_last_post_build_mail_server/
> There's also services like Tutanota (never used) and Telegram.

Danger! Telegram fails the first rule  of cryptography, don’t roll your own crypto. Many smart cryptographers are nervous about both Telegram’s crypto i.e. [1],[2] and the footnote in [3] and how they market (for want of a better term) themselves[4].

OpenWhisper Systems[5] and CryptoCat[6] are better options in that their systems have been reviewed & tested by the security community. Indeed several flaws were found and fixed in CryptoCat.

IANAC*,

Joshua

IANAC - I Am Not A Cryptographer

1. http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
2. https://gigaom.com/2015/01/12/researchers-slam-telegram-apps-visual-fingerprint-security/
3. http://blog.cryptographyengineering.com/2015/04/how-do-we-build-encryption-backdors.html
4. http://thoughtcrime.org/blog/telegram-crypto-challenge/
5. https://whispersystems.org/
6. https://crypto.cat/


More information about the Nottingham mailing list