An interesting cryptography bug found in 2013 in #telegram MTproto that was just screaming "backdoor" by its looks
@kravietz
In theory they can't do much with the nonce without already knowing the shared secret, in which case game over anyway, but that's not the place you want to be inserting a possibly attacker-made value, and even if you do, you want to hash it in, not XOR it.
Also did they just change MitM into PitM? I already have way too many acronyms to remember as it is without people making up new ones with the same meaning :|
Yeah, I also wondered about the PitM when first saw the article summary :) As for the attack details, as I understand it that's the very point of the backdoor/bug - you establish a classic MitM where you're proxying the connection between the Telegram server and the victim so this happens *before* shared secret is even established.
