-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security problem #13
Comments
We can't encrypt this data in such way, that no one will have access to it, as long as we don't use password-protected launch of the application. But we can still encrypt it with some generated and saved key, so that it won't be plain text. Is that what you are talking about? |
You might be able to leverage the Windows CryptoAPI to have it store the credentials on the application's behalf. |
Yes, that's the way, do not use a plain text. Generated key would be unique
|
There is some discussion about Telegram security issues and also one master thesis from September 2015 available talking about Telegram protocol security issues. It would be good if Telegram would rely on proven free and open-source encryption protocol(s) and not reinvent the wheel. There are some competitive alternatives, e.g. Zyptonite, Wire, Tox, etc. It would be good to see comparison table about security features these programs have and compared with Telegram Desktop. Here is one secure messaging comparison table - unfortunately looks like Telegram isn't the securest one.... There is yet another interesting solution - Maidsafe. I really hope that Telegram Desktop will benefit from all of them and offer really secure solution (preferally built-in). |
One more idea regarding secret chat - using telegram.me mechanism I would propose to make possible to create link which will directly start secret chat. E.g. https://telegram.me/secret/YourUsernameHere |
Proxy settings are encrypted for a long time now. |
Fixes telegramdesktop#13. (Based on upstream's commit telegramdesktop/tdesktop@2e421e8, )
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Hi, file "config" in folder "tdata" contains the login information and password for proxy in an unencrypted form. It can be very big safety problem especialy for portable version!
The text was updated successfully, but these errors were encountered: