I first wrote about Telegram Messenger on February 25 (link). As soon as I published that article, readers started asking me how secure Telegram Messenger really is. The answer: not that secure. But then again, WhatsApp isn't a super secret messenger either.
Most users aren't transmitting state secrets, so ultra protection really isn't a requirement. But for those who are interested: Telegram Messenger is not verifiably secure. Personally, I would not rely on it if I wanted to share something confidential.
If you are not interested in security, stop here and go about your day with this new knowledge.
They claim the protocol was designed by world-leading mathematicians. Maybe, but it shows a clear lack of understanding of basic cryptographic constructs.
- The SHA-1 function is cryptographically broken (it has been theoretically broken, which means it shouldn't be used). There are many replacement functions that are just as fast but much more secure. Bruce Schneier wrote a 2005 article on SHA-1 being broken that you should read if interested (link).
- They are doing "MAC and encrypt" instead of "encrypt and MAC". A Message Authentication Code (MAC) is a way to verify that a message wasn't tampered with. In the model used by Telegram Messenger, an attacker can use a padding oracle trick to recover the plaintext message. The ideal model is encrypt-then-MAC: the message is encrypted and then a MAC is computed over the result. If the MAC check fails on the recipient's device, the message is discarded without being decrypted (so there is no padding oracle trick). An attacker can't forge a MAC without knowing the session key.
- They are using their own cipher called "Infinite Garble Extension", which is a horrible idea when time-tested and proven ciphers are already available.
- No public key authentication
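To make the MAC ordering point concrete, here is an added example of my own (toy code, not Telegram's and not from the MTProto spec), using only Python's standard library: the same padded message sealed as encrypt-then-MAC and as MAC-then-encrypt, plus a `receiver_error` helper that shows what each receiver reveals when a ciphertext byte is flipped. The "cipher" is an HMAC-SHA256 counter-mode keystream standing in for a real block cipher, and the key, nonce and padding sizes are my assumptions.

```python
import hashlib
import hmac
import os

BLOCK, TAG, NONCE = 16, 32, 12  # padding block size, HMAC-SHA256 tag length, nonce length (assumed)

def _keystream(key, nonce, length):  # HMAC-SHA256 in counter mode as a toy PRF (stand-in for a real cipher)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _pad(msg):  # PKCS#7-style padding to a whole number of blocks
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n
def _unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the distinguishable error a padding oracle relies on
    return data[:-n]
def _tag(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def etm_seal(enc_key, mac_key, msg):  # encrypt-then-MAC: the tag covers nonce + ciphertext
    nonce, padded = os.urandom(NONCE), _pad(msg)
    ct = nonce + _xor(padded, _keystream(enc_key, nonce, len(padded)))
    return ct + _tag(mac_key, ct)

def etm_open(enc_key, mac_key, blob):
    ct, tag = blob[:-TAG], blob[-TAG:]
    if not hmac.compare_digest(_tag(mac_key, ct), tag):
        raise ValueError("rejected")  # bad tag: nothing is decrypted or unpadded
    return _unpad(_xor(ct[NONCE:], _keystream(enc_key, ct[:NONCE], len(ct) - NONCE)))

def mte_seal(enc_key, mac_key, msg):  # MAC-then-encrypt: the tag sits inside the ciphertext
    nonce, inner = os.urandom(NONCE), _pad(msg + _tag(mac_key, msg))
    return nonce + _xor(inner, _keystream(enc_key, nonce, len(inner)))

def mte_open(enc_key, mac_key, blob):
    # padding is checked BEFORE the tag can be verified, so two different failures are visible
    inner = _unpad(_xor(blob[NONCE:], _keystream(enc_key, blob[:NONCE], len(blob) - NONCE)))
    msg, tag = inner[:-TAG], inner[-TAG:]
    if not hmac.compare_digest(_tag(mac_key, msg), tag):
        raise ValueError("rejected")
    return msg

def receiver_error(open_fn, enc_key, mac_key, blob):
    try:  # what the receiver reveals about a blob: "ok", "rejected" or "bad padding"
        open_fn(enc_key, mac_key, blob)
        return "ok"
    except ValueError as e:
        return str(e)
```

With encrypt-then-MAC every tampered blob produces the same "rejected" answer, while the MAC-then-encrypt receiver answers "bad padding" for some flips and "rejected" for others, which is exactly the distinction the post warns about.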
Overall, Telegram Messenger is clean and fairly well designed (from a user perspective), and many have migrated to it (after the major WhatsApp crash and then the Facebook acquisition). You should use it for its features, but not because it is ultra-secure (which it is not).
Personally, I use Hangouts and WhatsApp when security isn't a critical requirement, and Threema (link) when security is paramount. I like the fact that Threema is cross-platform and only requires a one-time fee ($2).