posted by Dopefish on Sunday February 23 2014, @02:00PM
from the there-is-no-viable-alternative dept.
girlwhowaspluggedout writes:

"A mere three days after Mark Zuckerberg announced Facebook's acquisition of Whatsapp, the popular smartphone messaging app suffered a major service outage that lasted three and a half hours. Left to their own devices, Whatsapp users worldwide went rushing to its rival apps, including secure chat provider Telegram. The surge in new users quickly turned into a tidal wave that brought Telegram's service to its knees:

The SMS gateways we use to send registration codes are overloaded and slow - 100 SMS per second is too much. Trying to find a solution.

In its official Twitter, Telegram announced that more than 1.8 million new users had joined on Saturday, Feb 22. Four hours later, it reported an additional 800 thousand.

Telegram's messaging service, which uses 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie-Hellman secure key exchange, began enjoying a spike in popularity after Whatsapp's acquisition. Although it has released the source code for its Java libraries and all its official clients, its server software is still closed source."

 
  • (Score: 5, Informative) by Fnord666 on Sunday February 23 2014, @03:30PM

    by Fnord666 (652) on Sunday February 23 2014, @03:30PM (#5290)

    Secure key exchange is still hard or inconvenient for most people.

    Really? From the Telegram FAQ:

    When a secret chat is created, the participating devices exchange encryption keys using the so called Diffie-Hellman key exchange. After the secure end-to-end connection has been established, we generate a picture that visualizes the encryption key for your chat. You can then compare this image with the one your friend has. If the two images are the same, you can be sure that the secret chat is secure and no man-in-the-middle attack can possibly succeed.

    Seems pretty simple to me.

  • (Score: 2) by Nerdfest on Sunday February 23 2014, @04:17PM

    by Nerdfest (80) on Sunday February 23 2014, @04:17PM (#5298)

    This assumes that the initial key exchange was secure, and I'm guessing that it's done through Telegram. If Telegram does the initial key exchange, can't it still happen?

    • (Score: 0) by Anonymous Coward on Sunday February 23 2014, @06:35PM

      by Anonymous Coward on Sunday February 23 2014, @06:35PM (#5344)

      According to your friendly neighbor Wikipedia, the Diffie-Hellman key exchange method [wikipedia.org] "allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel".

      • (Score: 1) by TheLink on Monday February 24 2014, @02:17AM

        by TheLink (332) on Monday February 24 2014, @02:17AM (#5599)
        Doesn't prevent MITM. You may think you are talking to B but actually you are talking to C and C is talking to B. So you to C is "secure" and C to B is secure. But you to B is not.

        But if you can trust your software clients the picture stuff does give some sort of plausibility if you verify them over a different channel (or you directly verify the keys over that channel).
      • (Score: 1) by chromas on Monday February 24 2014, @02:36AM

        by chromas (34) on Monday February 24 2014, @02:36AM (#5608)

        There, fixed Slash's misteak (blame β)

  • (Score: 1) by TheLink on Monday February 24 2014, @02:42AM

    by TheLink (332) on Monday February 24 2014, @02:42AM (#5613)
    A talks to B but C MITMs them.

    A -> C "hey my pic is a 'cow' what's yours?"
    C -> A "my pic is a cow too"
    A -> C "all secure then!"
    C -> B "hey my pic is a 'pig' what's yours?"
    B -> C "my pic is a pig too"
    C -> B "all secure then!"

    Much easier if it's text messages. Harder for voice - since delays become more noticeable.

    And if B started telling bacon jokes regarding the pig pic it becomes a lot more work, but C might be able to tell B to focus on stuff that's easier to "pass-through" without rewrites.

    Of course you could use another channel to do the verification, but how would you arrange that without being MITMed again? :)
    • (Score: 1) by LM-Els on Monday February 24 2014, @03:59AM

      by LM-Els (2466) on Monday February 24 2014, @03:59AM (#5666)

      The image they use is actually closer to a QR thing than a describable image. You'll have to send screenshots.
      Not saying that a MITM can't alter those, but it does become a little less easy than simply cow vs pig. And you could send the screenshots via email to bypass a Telegram MITM.

      • (Score: 1) by TheLink on Tuesday February 25 2014, @02:47AM

        by TheLink (332) on Tuesday February 25 2014, @02:47AM (#6437)
        If it's closer to a QR thing MITMing it might actually be easier to automate than the cow/pig thing. Assuming you don't do checking via other channels.
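
The scenario argued over in this thread, as an added example that is not part of any comment and is not Telegram's code: an unauthenticated Diffie-Hellman exchange with and without a key-substituting relay, followed by the picture comparison done in-band (the cow/pig exchange) and over an independent channel. The toy group (prime 2^127 - 1, generator 3), the SHA-256 grid used as the "picture", and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): P is the Mersenne prime 2^127 - 1.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2  # private exponent in 2 .. P-2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def fingerprint(key):
    """Hypothetical key picture: 32 hex digits of SHA-256 as a 4x8 grid."""
    digest = hashlib.sha256(key).hexdigest()[:32]
    return "\n".join(digest[i:i + 8] for i in range(0, 32, 8))

def run_exchange(relay_substitutes_keys):
    """Return the pictures A and B each end up with after the key exchange."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes_keys:
        # The relay (C in the thread) hands each side its own public value.
        _, c_pub = keypair()
        seen_by_a, seen_by_b = c_pub, c_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    return (fingerprint(shared_key(a_priv, seen_by_a)),
            fingerprint(shared_key(b_priv, seen_by_b)))

def in_band_check(fp_a, fp_b, relay_rewrites):
    """Pictures compared inside the same chat: a rewriting relay can answer
    each side with that side's own picture, so the check always passes."""
    claimed_to_a = fp_a if relay_rewrites else fp_b
    claimed_to_b = fp_b if relay_rewrites else fp_a
    return (secrets.compare_digest(fp_a, claimed_to_a)
            and secrets.compare_digest(fp_b, claimed_to_b))

def out_of_band_check(fp_a, fp_b):
    """Pictures compared over a channel the relay cannot rewrite."""
    return secrets.compare_digest(fp_a, fp_b)

if __name__ == "__main__":
    for relayed in (False, True):
        fp_a, fp_b = run_exchange(relayed)
        print("relay in path:", relayed,
              "| in-band says OK:", in_band_check(fp_a, fp_b, relayed),
              "| out-of-band says OK:", out_of_band_check(fp_a, fp_b))
```

With a relay in the path the two sides hold different keys, so the pictures differ; only the comparison made over an independent channel reports it.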