Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Recent research by Virgil Security, Inc. claims that the new Telegram Passport service is vulnerable to brute force attacks.
The recently released personal identification authorization tool Telegram Passport from messenger app Telegram is vulnerable to brute force attacks, according to an Aug. 1 report by cryptographic software and services developer Virgil Security, Inc.
On July 26, Telegram announced the launch of Telegram Passport designed to encrypt usersâ personal ID information and let them share their ID data with third parties such as initial coin offerings ICOs, crypto wallets, and anyone complying with know your customer (KYC) regulations.
Usersâ data is kept on the Telegram cloud using end-to-end encryption, subsequently moved to a decentralized cloud, which cannot decrypt personal data as it is seen as ârandom noise.â However, in their recent research Virgil Security raised concerns about password protection in the service.
According to Virgil Security, Telegram uses SHA-512, a hashing algorithm that is not meant to hash passwords. This algorithm reportedly leaves passwords vulnerable to brute force attacks, even if itâs salted. In cryptography, a salt is random data added as an extra secret value to the end of the input, which extends the length of the original password, providing some additional protection.
When a user encrypts personal data, it is reportedly uploaded to the Telegram cloud, and when a user needs to confirm authenticity on a third party service, they decrypt that data and re-encrypt it for that serviceâs credentials. All these factors reportedly contribute to potential exposure of a userâs password hash table to very efficient hacker attacks. The firm further explains:
âThe security of the data you upload to Telegramâs Cloud overwhelmingly relies on the strength of your password since brute force attacks are easy with the hashing algorithm chosen. And the absence of digital signature allows your data to be modified without you or the recipient being able to tell."
In March, founders of Telegram, Pavel and Nikolai Durov reported they had raised $850 million in the second round of their ICO aimed at the development of the Telegram messenger app and its own blockchain platform Telegraph Open Network (TON). Later in May, Telegramâs plan to launch an ICO was canceled due to the fact that the messaging app had attracted enough funds during their two private ICO rounds.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.