Security experts have called the integrity of Telegram Passport into question. The identity scheme, which launched last week, provides a KYC service for ICO applicants, with personal documents protected by end-to-end encryption. Telegram’s decision to roll its own cryptography, however, has seen the communications giant come in for criticism.
Also read: Bitcoiners Hope to Have a Friend in Top US Regulator Jay Clayton
Never Roll Your Own
Rolling one’s own crypto is regarded as a big no-no in the infosec industry, as it’s liable to introduce vulnerabilities; just ask IOTA, who learned the hard way that crafting a bespoke algorithm is a recipe for disaster. Jackson Palmer was one of the first to call Telegram out for the practice, shortly after news of Telegram Passport broke, tweeting “You might want to think twice before uploading your identity documents to a service who rolled their own crypto and don’t support E2E encryption by default.”
The report concludes: “Cryptography’s most famous anonymous quote says “Don’t roll your own crypto!” Back in 2015, Telegram ran into similar criticism. In 2016, 15 million Telegram users’ phone numbers were revealed in Iran due to a user authentication flaw. Now it’s 2018 and with Telegram’s Passport, the quote has never been more true.”
If Your Telegram Data Is Accessed There Would Be No Way to Tell
Telegram Passport may not be intrinsically flawed, but there are evidently ways in which it could be reinforced for the reassurance of its users, and to enhance Telegram’s own reputation. As news.Bitcoin.com noted when first reporting on the scheme, “some Telegram users will naturally be concerned about entrusting their most intimate details to the platform, even with the promise of end-to-end encryption.” CEO Pavel Durov is a man of few words publicly, having tweeted to his 1.45 million followers less than 2,000 times since joining Twitter a decade ago. If he wishes to fend off fears about the security of Telegram’s encryption methods, he’ll need to break that silence.
Do you think concerns about the security of Telegram Passport are justified? Let us know in the comments section below.
Images courtesy of Shutterstock.
Need to calculate your bitcoin holdings? Check our tools section.
The post Experts Question the Security of Telegram’s New Passport Service appeared first on Bitcoin News.
Source: Bitcoin.com