Reports Suggest Telegram Passport Has Brute-Force Vulnerabilities

Aug. 3, 2018



Telegram recently launched the Telegram Passport, which allows you to store your real-world IDs (or documents) online for easy sharing with services that require you to prove your real identity.

However, recent reports suggest that the personal identification authorization tool is actually quite vulnerable to brute-force attacks.

According to a report by cryptographic software and services developer Virgil Security, Inc., users’ data is kept on the Telegram cloud using end-to-end encryption and subsequently moved to a decentralized cloud, which cannot decrypt personal data as it is seen as “random noise.”

However, Telegram uses SHA-512, a hashing algorithm that is not meant to hash passwords. This algorithm reportedly leaves passwords vulnerable to brute-force attacks, even if they are salted.

For those of you unaware, a salt is random data added as an extra secret value, which extends the length of the original password, providing some additional protection.
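To make the point about salted SHA-512 concrete, the following added example (not code from Telegram or from the Virgil Security report) measures the per-guess cost of a single salted SHA-512 pass against an iterated password-hashing function built on the same primitive. The `salt || password` layout, the PBKDF2 iteration count and the 10^8 keyspace are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 210_000  # assumed work factor for this example


def fast_hash(password: str, salt: bytes) -> bytes:
    """One salted SHA-512 pass (salt || password layout is an assumption)."""
    return hashlib.sha512(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA512: same primitive, deliberately iterated."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ITERATIONS)


def verify(password: str, salt: bytes, expected: bytes, kdf) -> bool:
    """Constant-time comparison of the recomputed hash with the stored one."""
    return hmac.compare_digest(kdf(password, salt), expected)


def seconds_per_guess(kdf, salt: bytes, rounds: int) -> float:
    """Average wall-clock cost of evaluating one candidate password."""
    start = time.perf_counter()
    for i in range(rounds):
        kdf(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds


def days_to_exhaust(keyspace: int, secs_per_guess: float) -> float:
    """Single-core time to try every password in a keyspace."""
    return keyspace * secs_per_guess / 86_400


def compare(keyspace: int = 10**8) -> dict:
    salt = os.urandom(16)  # unique per user; defeats precomputed tables only
    fast = seconds_per_guess(fast_hash, salt, 20_000)
    slow = seconds_per_guess(slow_hash, salt, 2)
    return {
        "fast_days": days_to_exhaust(keyspace, fast),
        "slow_days": days_to_exhaust(keyspace, slow),
        "slowdown": slow / fast,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:,.2f}")
```

The salt changes the stored value for each user but does not change how long one guess takes, which is why the work factor, not the salt, determines how well a weak password holds up.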

To sum things up, Telegram Passport is a great tool which has been let down by its security flaws. As the report itself concludes, “the security of the data you upload to Telegram’s Cloud overwhelmingly relies on the strength of your password since brute force attacks are easy with the hashing algorithm chosen”.
