This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
One of the most important rules of cybersecurity is: never roll your own encryption.
And what did the guys at Telegram do? Rolled their own encryption.
If you are into Telegram because you think it’s secure, think again.
There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.
‘Rolling your own…’ is a comparison to rolling your own cigarettes. That is, creating your own version from scratch instead of using something ready-made.
No, it’s not the rule itself. It’s rather an advice not to do as rolling own crypto is very tricky and complicated thing. You have to be very aware of many possible attacks, how they do work, to create own crypto properly
One of the most important rules of cybersecurity is: never roll your own encryption.
And what did the guys at Telegram do? Rolled their own encryption.
If you are into Telegram because you think it’s secure, think again. There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.
if the people you want to talk to are using telegram then you don’t have much of a choice
Maybe tell them you are using signal and that they don’t have a choice but to use it
that doesn’t work with clients. or vendors. or any other type of business partner, really. maybe your staff and your grandma and steven?
It would if everyone already had it installed.
What does ‘rolling encryption’ mean (if it’s possible to ELI15).
OP probably meant “to roll out”, meaning: “to deploy”.
Nah, it’s I guess jargon at this point, but it really just means to make up your own crypto algos.
‘Rolling your own…’ is a comparison to rolling your own cigarettes. That is, creating your own version from scratch instead of using something ready-made.
No, it’s not the rule itself. It’s rather an advice not to do as rolling own crypto is very tricky and complicated thing. You have to be very aware of many possible attacks, how they do work, to create own crypto properly
More like “don’t roll your own crypto unless you’re ready to spend years getting it scrutinized and polished”.
Generally a good rule, however Signal did develop their own encryption. It was so good it became the industry standard.