Tim ·

On the question of how trustworthy Telegram's cryptography is: it was possible to reorder messages in regular (non-secret) chats, as reported in Security Analysis of Telegram (Symmetric Part).

The paper describes several other attacks as well, which are less practical.
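To make the reordering point concrete, here is a small, added example that is not code from the post, from the paper, or from Telegram, and it does not reproduce the MTProto attack itself. It shows the general property behind it: authenticating each record on its own does not stop a network adversary from delivering records in a different order; the receiver must also bind a sequence number into each record and enforce that accepted sequence numbers strictly increase. The channel here is a toy (HMAC-SHA256 in counter mode for confidentiality, a separate HMAC-SHA256 tag for integrity, and a hypothetical record layout) chosen so that it runs with the Python standard library only; a real implementation would use an AEAD such as AES-GCM or ChaCha20-Poly1305 with the sequence number as nonce and associated data. The key and messages are constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length


def derive_keys(master: bytes) -> tuple[bytes, bytes]:
    """Split one shared secret into an encryption key and a MAC key.
    Toy KDF (HMAC with fixed labels); real code would use HKDF or an AEAD."""
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, keyed by (seq, block)."""
    out = bytearray()
    block = 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:n])


def seal(master: bytes, seq: int, plaintext: bytes) -> bytes:
    """Hypothetical record layout: 8-byte big-endian seq || ciphertext || 32-byte tag.
    The tag covers seq, so an attacker cannot renumber a record it sees."""
    enc_key, mac_key = derive_keys(master)
    header = struct.pack(">Q", seq)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_record(master: bytes, record: bytes) -> tuple[int, bytes]:
    """Verify the tag first, then decrypt. Raises ValueError on a modified record."""
    enc_key, mac_key = derive_keys(master)
    if len(record) < 8 + TAG_LEN:
        raise ValueError("record too short")
    header, ct, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    seq = struct.unpack(">Q", header)[0]
    pt = bytes(c ^ k for c, k in zip(ct, keystream(enc_key, seq, len(ct))))
    return seq, pt


class Receiver:
    """Receiving side. With enforce_order=False it behaves like a channel that
    authenticates every record but never checks sequencing."""

    def __init__(self, master: bytes, enforce_order: bool):
        self.master = master
        self.enforce_order = enforce_order
        self.last_seq = 0  # sequence numbers start at 1

    def receive(self, record: bytes) -> bytes:
        seq, pt = open_record(self.master, record)
        if self.enforce_order and seq <= self.last_seq:
            # Rejects both reordering and replay: every accepted record must
            # carry a strictly larger sequence number than the previous one.
            raise ValueError(f"out-of-order or replayed record: seq={seq}, last={self.last_seq}")
        self.last_seq = max(self.last_seq, seq)
        return pt


def reorder_demo(enforce_order: bool) -> list:
    """A network adversary swaps two correctly authenticated records.
    Returns what the receiver accepted, in delivery order (None = rejected)."""
    master = b"\x01" * 32  # constructed shared secret, demo only
    messages = [b"transfer 100 to bob", b"cancel the transfer"]  # constructed
    records = [seal(master, i + 1, m) for i, m in enumerate(messages)]
    in_transit = [records[1], records[0]]  # adversary delivers them swapped
    rx = Receiver(master, enforce_order)
    delivered = []
    for rec in in_transit:
        try:
            delivered.append(rx.receive(rec))
        except ValueError:
            delivered.append(None)
    return delivered


if __name__ == "__main__":
    print("no order check:", reorder_demo(False))  # both records accepted, swapped
    print("order enforced:", reorder_demo(True))   # second (older) record rejected
```

Without the ordering check both records pass the tag check and the receiver processes "cancel" before "transfer", which is the kind of semantic change a reordering attack buys. With the check, the tag still verifies but the stale sequence number is rejected, so the adversary can at most drop records, which a sender can detect. The same check also stops replay, which is why secure-channel definitions treat ordering and replay protection together.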

For most users, the immediate risk is low, but these vulnerabilities highlight that Telegram fell short of the cryptographic guarantees enjoyed by other widely deployed cryptographic protocols such as TLS. We made several suggestions to the Telegram developers that enable providing formal assurances that rule out a large class of cryptographic attacks, similarly to other, more established, cryptographic protocols.

Telegram does not ship security fixes in dedicated releases and does not want to issue security advisories:

We were informed by the Telegram developers that they do not do security or bugfix releases except for immediate post-release crash fixes. The development team also informed us that they did not wish to issue security advisories at the time of patching, nor commit to release dates for specific fixes. As a consequence, the fixes were rolled out as part of regular Telegram updates.

And I like this passage:

“Don’t roll your own crypto” is a common mantra issued when a cryptographic vulnerability is found in some protocol. Indeed, Telegram has been the recipient of unsolicited advice of this nature. The problem with this mantra is, of course, that it sounds like little more than gatekeeping. Clearly, some people need to roll “their own crypto” for cryptography to be rolled at all.

I haven't read the paper itself (Four Attacks and a Proof for Telegram), but it would be interesting.