The newly released Telegram Passport, a personal identification approval tool from messenger app Telegram, is susceptible to the attacks of broke force, this is according to August 1 statement by Virgil Security Inc., a cryptographic software, and services developer.
On 26th of July, Telegram declared the commencement of Telegram Passport intended to encrypt users’ personal identification information. What is more, this also allows them to share their identification information with 3rd parties like initial coin offerings, crypto wallets, and anyone complying with KYC or Know Your Customer regulations.
User’s information is stored on the Telegram cloud utilizing end to end encryption, then moved to a decentralized cloud that can’t decrypt personal information as it is perceived as random noise. But, in their current study, Virgil Security raised issues about password security in the service.
Virgil Security stated that Telegram utilizes SHA-512, a jumbling algorithm that is not intended to jumble passwords. This algorithm allegedly leaves passwords vulnerable to brute force attacks, although it is salted. A salt, in cryptography, is unsystematic data added as a spare secret value to the end of the input that extends the duration of the original password, offering a number of additional protections.
Once users encrypt personal information, it’s supposedly uploaded to the Telegram Cloud. Once users need to verify legitimacy on a third party service, they decrypt that information and re-encrypt if for which service’s credentials. These factors allegedly add to possible exposure of users’ password jumble table to extremely efficient hacker attacks. The company further illustrates that “The security of the information a user upload to Telegram tremendously depends on the strength of the password given that brute force attacks are simple and easy with the jumbling algorithm preferred. And the non-existence of digital signatures enables users’ information to be tailored without users or the receivers being able to tell.”
A few months ago, Nikolai Durov and Pavel Durov, founder of the Telegram cloud reported that they had gained USD850 mln in the second round of their Initial Coin Offering aspired at the development of the Telegram messenger application and its own blockchain platform, which is the Telegraph Open Network or TON for short.
Later in May, Telegram Passport’s plan to commence an Initial Coin Offering was withdrawn or revoked because of the verity that this messaging application had attracted an adequate amount of funds during their two private Initial Coin Offering rounds.