• undrivendev@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    2 months ago

    One of the most important rules of cybersecurity is: never roll your own encryption.

    And what did the guys at Telegram do? Rolled their own encryption.

    If you are into Telegram because you think it’s secure, think again. There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.

    • nutsack@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      if the people you want to talk to are using telegram then you don’t have much of a choice

      • iopq@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        Maybe tell them you are using signal and that they don’t have a choice but to use it

        • nutsack@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          2 months ago

          that doesn’t work with clients. or vendors. or any other type of business partner, really. maybe your staff and your grandma and steven?

      • gressen@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        9
        ·
        2 months ago

        OP probably meant “to roll out”, meaning: “to deploy”.

      • lichengeese@lemmy.zip
        link
        fedilink
        English
        arrow-up
        13
        ·
        2 months ago

        ‘Rolling your own…’ is a comparison to rolling your own cigarettes. That is, creating your own version from scratch instead of using something ready-made.

    • endofline@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      No, it’s not the rule itself. It’s rather an advice not to do as rolling own crypto is very tricky and complicated thing. You have to be very aware of many possible attacks, how they do work, to create own crypto properly

      • EngineerGaming@feddit.nl
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 months ago

        More like “don’t roll your own crypto unless you’re ready to spend years getting it scrutinized and polished”.

    • testo12@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      Generally a good rule, however Signal did develop their own encryption. It was so good it became the industry standard.