Published 25 September 2024
Reading time - 4 min

Encryption in Telegram: History, basic principles, and challenges

Read

Telegram is a popular messenger that has long surpassed all of its known counterparts and is actively positioned as a secure means of communication thanks to the use of encryption. Despite of this, privacy on the platform continues to be a subject of debates and discussions, especially after the headline-making arrest of Pavel Durov. This article will discuss how encryption in Telegram works, who developed it, and what drawbacks this seemingly flawless system has.

Who developed encryption in Telegram

Telegram was founded by brothers Pavel and Nikolai Durovs in 2013. While Pavel is known to everyone (or almost everyone), many users of the messenger know nothing about Nikolai. Meanwhile, he is one of the key developers of the platform, including encryption. It was Nikolai who created MTProto, the proprietary cryptographic protocol which is used for encryption of messages in Telegram.

MTProto is a mix of several principles of encryption in Telegram adapted for high-speed data transmission and security. The main purpose of the protocol is to provide privacy of messages, while maintaining performance of the messenger at a high level.

How encryption in Telegram works

Telegram uses two types of encryption: client-server and end-to-end encryption.

1. Client-server encryption. By default, Telegram messages are encrypted on the user’s device and are transmitted encrypted to Telegram servers. After that, messages are encrypted again before they are sent to the recipient. This type of encryption allows for storing messages in the cloud and synchronizing them between different user devices. However, theoretically, the platform administration has access to this data, because Telegram encryption keys are located on the server.

2. End-to-end encryption. For more privacy, Telegram offers Secret Chats. These use end-to-end encryption where messages are encrypted directly on the sender’s device and only get decrypted on the recipient’s device. In this case, Telegram cannot have access to this content, as the encryption keys are only known to two users.

It is important to note that secret chats are tied to specific devices and are not synchronized between them. This is done to ensure maximum protection of messages.

Principles of encryption in Telegram

MTProto uses several cryptographic methods to provide security:

  1. AES-256 is a symmetric data encryption algorithm using 256-bit keys.
  2. RSA-2048 is an asymmetric encryption algorithm for protection of data during transmission.
  3. Diffie-Hellman is an encryption method where two parties receive a shared secret key which is then used to encrypt messages.

Besides, MTProto supports protection against man-in-the-middle (MITM) attacks with the use of authentication and verification of keys.

So it is no surprise that the messenger places such a strong focus on encryption and data protection. This is critical for anyone working with private information of users. Therefore, if you want to check your system for resistance to hacks and unauthorized access, contact us for our Penetration Test service. SEVEN SENSES will help you prevent problems that are very costly to solve.

Criticism of encryption in Telegram

Trying to figure out how encryption in Telegram is arranged, we can’t fail to mention certain issues raised by information security experts. Here are some of the main problems and peculiarities they note:

  • Limited use of end-to-end encryption. In Telegram, only secret chats use end-to-end encryption, while ordinary and group messages are protected by transport encryption only. As a development company, Telegram is technically capable of accessing this data on their servers. This draws criticism from supporters of total privacy who expect to have end-to-end encryption available by default for all messages.
  • Proprietary protocol MTProto. Telegram uses their own encryption protocol MTProto, which was developed in-house. Although it was checked for vulnerabilities, some experts are skeptical because of its being closed, since commonly-known open protocols, such as Signal Protocol, are believed to be more reliable. Critics argue that the platform’s proprietary protocol has not been properly tested independently and its vulnerabilities may go undetected.
  • Storing data on Telegram’s servers. Telegram keeps encrypted messages and metadata on their servers, which makes them a target for hacks or government interference. Despite encryption, there is a risk that metadata (i.e. who sent a message and when) can be accessed, which may compromise user privacy.
  • Problems with jurisdiction and security of servers. Telegram has repeatedly moved their servers and offices between countries to avoid government pressure. This raises questions on where user data is stored and what laws these servers are subject to. Some believe that Telegram is not sufficiently transparent on this.
  • Debate on real anonymity. Although Telegram positions themselves as a secure messenger, there are doubts regarding the actual level of anonymity it provides. For example, they require your phone number to sign up, and this can be used to identify the user, especially in countries where a SIM card is registered in the name of its holder.

All these lead to an opinion that whatever encryption Telegram uses, the platform cannot be considered as totally secure. At the same time, there are those who argue that you cannot require impossible things from an ecosystem, because it is in principle impossible to achieve 100% anonymity in the modern world.

Thus, although the encryption system in Telegram has not been universally recognized as absolutely reliable, nevertheless, the degree of protection and privacy it provides was quite enough to cause discontent among government authorities. And this, in turn, is a vivid proof that with all the resources the government machinery and private corporations have, gaining access to user data in the messenger is not just difficult, but next to impossible.

At the same time, testing the security of the architecture is extremely important not only to technology giants with multimillion audiences, but also to everyone who wants their operation in the digital space to be secure and productive. Contact us and we will find and help you fix all vulnerabilities in your protection system.

Read about service

See also

Enquiry Form

Expert security is the basis for your successful work with digital assets

Complete the form to get advice. Make sure you and your business have a reliable protection against any cyber threats.

Name:
Telegram handle:
Phone number:

Complete the form below to get advice

Name:
Telegram handle:
Phone number:
Commentary:

Спасибо за обращение!

Наш менеджер свяжется с вами в течение рабочего дня.