The recently released personal identification authorization tool Telegram Passport from messenger app Telegram is vulnerable to brute force attacks, according to an Aug. 1 report by cryptographic software and services developer Virgil Security, Inc. On July 26, Telegram announced the launch of Telegram Passport, designed to encrypt users' personal ID information and let them share their ID data with third parties such as initial coin offerings (ICOs), crypto wallets, and anyone complying with know-your-customer (KYC) regulations.
Users' data is kept on the Telegram cloud using end-to-end encryption and subsequently moved to a decentralized cloud, which cannot decrypt the personal data because it sees it only as "random noise." However, in their recent research, Virgil Security raised concerns about password protection in the service.
According to Virgil Security, Telegram uses SHA-512, a hashing algorithm that is not meant to hash passwords.
This algorithm reportedly leaves passwords vulnerable to brute force attacks, even if it's salted.
In cryptography, a salt is random data added as an extra secret value to the end of the input, which extends the length of the original password, providing some additional protection.
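The following is an added example, not code from Telegram or from Virgil Security's report. It measures the cost of one password guess against a salted SHA-512 hash and against a function built for password hashing; scrypt and its parameters are assumptions chosen for illustration, since the page names no alternative. The salt is the same in both cases, which shows that it does not raise the per-guess cost.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters for this example (about 16 MiB per guess).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def fast_hash(password: str, salt: bytes) -> bytes:
    """One salted SHA-512 pass: the kind of construction the report criticizes."""
    return hashlib.sha512(password.encode() + salt).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """scrypt: deliberately slow and memory-hard, designed for passwords."""
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=64)


def verify(hash_fn, password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(hash_fn(password, salt), expected)


def seconds_per_guess(hash_fn, salt: bytes, rounds: int) -> float:
    """Average wall-clock cost of one password guess on this machine."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess-{i}", salt)
    return (time.perf_counter() - start) / rounds


def work_factor_ratio() -> float:
    """How many times more expensive one scrypt guess is than one SHA-512 guess."""
    salt = os.urandom(16)
    return seconds_per_guess(slow_hash, salt, 3) / seconds_per_guess(fast_hash, salt, 20000)


if __name__ == "__main__":
    salt = os.urandom(16)  # random per-user salt, stored next to the hash
    fast = seconds_per_guess(fast_hash, salt, 20000)
    slow = seconds_per_guess(slow_hash, salt, 3)
    print(f"salted SHA-512: {fast * 1e6:10.2f} microseconds per guess")
    print(f"scrypt:         {slow * 1e6:10.2f} microseconds per guess")
    print(f"scrypt costs about {slow / fast:,.0f}x more per guess")
```

The absolute timings depend on the machine; the ratio between the two is what determines how much a given password strength is worth.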
When a user encrypts personal data, it is reportedly uploaded to the Telegram cloud, and when a user needs to confirm authenticity on a third party service, they decrypt that data and re-encrypt it for that service's credentials.
All these factors reportedly contribute to potential exposure of a user's password hash table to very efficient hacker attacks.
"The security of the data you upload to Telegram's Cloud overwhelmingly relies on the strength of your password since brute force attacks are easy with the hashing algorithm chosen. And the absence of digital signature allows your data to be modified without you or the recipient being able to tell."
In March, Telegram founders Pavel and Nikolai Durov reported they had raised $850 million in the second round of their ICO, aimed at the development of the Telegram messenger app and its own blockchain platform, Telegram Open Network.
Later in May, Telegram's plan to launch an ICO was canceled because the messaging app had attracted enough funds during its two private ICO rounds.
Research: Telegram Passport Is Vulnerable to Brute Force Attacks
Published on Aug 2, 2018
by Cointele | Published on Coinage