Hacker News new | past | comments | ask | show | jobs | submit login

Data that is transmitted or stored along with the keys is effectively plaintext, which Telegram does. The data is effectively plaintext on my device, at Telegram, and on the group members' devices, even if it is not plaintext in-between.

Data I send to a website over TLS is effectively plaintext on my computer and on the other side; in transit, it is not.

It all comes down to your threat model. Encryption does not protect information from entities who hold the keys to decrypt that information.




> stored along with the keys

It's not. They use a split-key encryption system so it's not exactly the same as storing the keys where the data is.

> It all comes down to your threat model. Encryption does not protect information from entities who hold the keys to decrypt that information.

I agree, which is why I'll say that the bottom line is:

Are auditable E2EE algorithms stronger in security than cloud encryption? Yes. Is MTProto 2.0 Cloud Encryption plaintext? No.


> It's not. They use a split-key encryption system so it's not exactly the same as storing the keys where the data is.

Yes, again, it all comes down to your threat model. No one can kick down the door and get to the keys.

But Telegram can get to all the keys, and thus can be legally expected to. The data is effectively plaintext to Telegram.

> Is MTProto 2.0 Cloud Encryption plaintext? No.

Just to note: "effectively plaintext" has been in use for a couple of decades as a term of art. We don't say it's plaintext, because it's not. It means there's effectively no security properties lent by the encryption.

For example, my web browser encrypts a few passwords for me and stores them on disk, but doesn't need a cryptographic secret from me to decrypt them; they're effectively plaintext, because no one has to break any encryption to read them.

Indeed, here's a thread on HN from 2013, where Durov is participating, where people are using "effectively plaintext" in exactly this way to describe exactly what we're talking about: https://news.ycombinator.com/item?id=6937097


Browsers should be interacting with the OS to require something (like your system password, Touch ID, etc.) to have unlocked the vault before being allowed to auto complete.


Yup, in the best case you have a truly secure container of keys somewhere. That takes things away from being effectively plaintext.


Yeah, I don't doubt that it can be improved. I hope it does because Telegram is not a fringe messenger anymore. There can be improvements made to the infrastructure, so that they don't keep facing these issues again and again.


> Yeah, I don't doubt that it can be improved.

There was no discussion of whether it can be improved. I was just telling you that it meets the established understanding of the term "effectively plaintext," which you were seeming to disagree with.

Have a good rest of your day.


> which you were seeming to disagree with.

Yeah, I would still disagree because everything is effectively plaintext in the end. The only difference is how you derive the key. There are levels of encryption, that is true but I think calling an actual encryption as 'effectively plaintext' is wrong.

> Have a good rest of your day.

Thank you! You too :D


> The only difference is how you derive the key.

Telegram CEO has access to all keys and therefore all chats. Matrix foundation has no such access. These two examples should explain the difference between "effectively plaintext" and e2ee. The main difference is not how someone derives the key. It's who can do it.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: