Copyright notice:
The following content comes from the WeChat public account "EOS技术爱好者"; search "EOSTechLover" to subscribe. Translator: Lochaiching. Reposts must keep this notice. Only the original text is authorized for reposting.
The original article is at https://steemit.com/security/@modprobe/let-s-talk-about-secure-messaging-apps, by modprobe, translated by this account, "EOS技术爱好者".
The full text follows:
Let's Talk About Secure Messaging Apps
Author: modprobe
Translation: Lochaiching
This is a topic that comes up every now and then, and it's one I have a number of fairly carefully formed opinions on, but I've not taken the time to organize those opinions and write them down, so this post is an effort to do that.
Some Background
First though, let's lay out the context: why do we care at all? I think most of us are already on the same page here, but for the sake of clarity, let's explore it anyways. There's a million messaging mechanisms out there, and some of them are already quite widespread, with email and SMS (texting) being your basic, as-close-to-universal-as-anything-gets options. Why do we want something else?
Well, we each have to answer that question for ourselves, but at this point I know that emails and texts are being collected and stored by people I don't know or trust. Private conversations between me and people I do know and trust are being intercepted, and could easily be tampered with in transit, by people I do not know or trust. From the start, that knowledge alone rubs me the wrong way. Even if I don't have something I actively want to hide, we're talking about my intimate details not merely being laid bare, but indexed and made searchable, to people I do not know or trust. Why would I want that? All else being equal, why would I not prefer to have that data kept private? Of course I prefer it is kept private.
But let's not be coy: we all have secrets and private thoughts and discussions. If you claim not to have secrets, I'll know never to trust you with any of mine. I absolutely do work with some information that I do want kept private, and I want good technical solutions for accomplishing that. Moreover, I know that there are people out there whom I actively distrust, who are actively recording mine and everyone else's conversations online.
So what, then, do I want in a messaging system? Well, thanks to my background in cybersecurity, I understand quite a lot about what is possible and what is desirable, and perhaps I can help some of my readers shortcut directly to the end of this search without going to grad school for cryptography like I did.
A Bit About Security in General
Everything in security is about adversaries. I want X, someone else wants (not X). Plug in whatever you want for X, and start figuring out strategies: we employ one strategy to get X, someone else employs a counterstrategy. Security is about playing those games out in our heads until we come up with our strategy for getting X, such that there is no effective counterstrategy.
And security is always open-ended: is there actually an effective counterstrategy that we didn't foresee? We don't know. If there is, and our adversary finds it before we do, we obviously want to figure out what that counterstrategy is, and then define our counter-counterstrategy to thwart it.
In practice, these games tend to continue indefinitely with each side either finding a still more effective strategy, or losing interest and giving up. In practice, there is almost always a more effective counterstrategy out there still to be found, it's just a question of motivation. This is the origin of the truism "every system can be hacked."
So from the start, we can state with confidence: there is no such thing as a truly secure X app, but there are probably a whole string of options, each a closer approximation to that standard than the last, having been designed to withstand all known counterstrategies. This general pattern holds true for pretty much every area in security, be it cyber or otherwise. Every lock can be picked, but if you care, you can get one that makes it really, really hard so that most lock-pickers will give up before they succeed.
In information security specifically, which is the most relevant field to messaging systems, there are three main goals that all secure systems try to attain. These are known as the CIA Triad (no relation to the Central Intelligence Agency):
• Confidentiality -- Only those who are supposed to know the information can see it
• Integrity -- Only those who are supposed to be able to modify the information can modify it, and they can only modify it in the appropriate ways
• Availability -- All those who are supposed to have access to the information do have access to it, readily and easily
Within the study of information security, a system's security is formally defined as that system's ability to achieve those three goals. If a system fails to meet any of those goals, it is insecure to the extent it falls short of them. The point to understand here is that security is not all-or-nothing. A system might have awesome confidentiality and integrity, but be really hard to use, and within information security, that system is not as secure as it could be. Whether that system is more or less secure than a system that has awesome confidentiality and availability, but makes no promises of integrity, is formally undefined and is entirely a matter of opinion.
There is no official badge of secure-ness that a system can get; it doesn't work that way. Information security gives us a language with which to understand and discuss what parts of a system are or are not secure against what attack strategies. It doesn't give us an objective rule or score as to how secure a system is.
And Messaging Apps, Specifically?
In messaging apps, then, security means that only the people I intended to be able to read my message can read it (confidentiality); that the message they got was exactly what I sent (integrity); and that all of them could easily read it (availability). So to warm up, let's look at our examples from earlier, email and texting:
• Confidentiality
• Email makes no attempt to hide the contents of communications from parties other than the addressed recipient
• Text messages are encrypted between cell phones and the tower, but this encryption (GSM's A5/1, https://en.wikipedia.org/wiki/A5/1) has been thoroughly broken since the 90's, and no attempt is made to hide the contents of messages while in transit between cell towers
• Integrity
• Email makes no attempt to prevent tampering of the contents of the message in transit, nor does it make any attempt to render such tampering evident after the fact
• SMS makes no attempt to prevent tampering of the contents of the message in transit, nor does it make any attempt to render such tampering evident after the fact
• Availability
• Emails are usually delivered and people usually don't have much trouble getting them, but no formal guarantees are made that emails will be delivered in order or at all
• Texts are usually delivered and people usually don't have much trouble getting them, but no formal guarantees are made that text messages will be delivered in order or at all
So neither of these systems ranks high in confidentiality or integrity, but both do pretty well in availability. SMS is arguably better at confidentiality, but when its feeble attempt at encryption has been breakable to every hacker in his mom's basement since 1999, it's hardly even worth mentioning.
OK, So What Do We Want?
In general, we want an option that covers all three areas (confidentiality, integrity, availability) reasonably well. So let's briefly discuss the state of the art in each of these areas:
Confidentiality is generally provided by encryption. Encryption means scrambling the message so unauthorized people can't read it. There are a lot of different algorithms to encrypt things out there, and most of them are broken and can be decrypted by people who aren't supposed to be able to. So we want to be sure to use an encryption algorithm that isn't broken, such as AES (the Advanced Encryption Standard, which is really just a title given to the algorithm most trusted by the National Institute of Standards and Technology, or NIST, at any given time. This title is currently held by an algorithm named Rijndael).
But encryption is a bit more complicated than that. Consider SMS: as we discussed above, SMS uses broken encryption, and it only uses this encryption between the cell tower and the cell phone. Everywhere else, no encryption is used. So even if SMS used AES, it wouldn't be very confidential because it would only hide the message for part of its journey. For encryption to give us full confidentiality, it must be End to End, which means that the sender encrypts the message so that no one except the intended recipient can decrypt it. Even if the message is not decrypted by a middleman, the mere existence of a middleman who could decrypt the message breaks the End to End property of an encrypted system. In practice, designing a system where no such middlemen can exist is quite tricky, and just because a system is called "End-to-End Encrypted" doesn't mean it really is.
So to sum up confidentiality, we achieve this through encryption, but not only do we need encryption, we need a trustworthy encryption algorithm, and that algorithm has to be deployed in such a way that we don't accidentally empower unauthorized parties to decrypt our messages. This is quite tricky to do in practice, and people make mistakes at it every day.
Integrity is sometimes provided by the encryption algorithm, but is sometimes provided by other algorithms. For example, AES alone does not provide any guarantees of integrity -- an AES encrypted message might have been tampered with, even if the tamperer didn't know what the message said. Suppose Eve has recorded several encrypted messages from Alice to Bob, including one that says "Yes" and another that says "No." Without actually knowing which one is which, Eve could simply swap one for the other, and this will destroy the integrity of the conversation without necessarily compromising its confidentiality.
Cryptographic protocols ensure integrity in a number of ways, and the issues at hand are complex enough to warrant several posts, so I won't attempt to cover them in detail here. It is important to note, however, that integrity and confidentiality often go hand in hand: while it's entirely possible to have either one without the other, we usually secure them both together, and when one goes, the other often goes with it.
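The Yes/No swap described above, worked through in Go as an added example (this is not code from the original post, nor from Signal, Wire or any other app it discusses). It assumes Alice and Bob already share a 256-bit key, and that every message carries a sequence number; bare AES-CTR lets Eve's recorded "No" be delivered in place of "Yes" with no error on Bob's side, while AES-GCM with the sequence number bound as associated data rejects the swapped message. The sequence-number binding is a simplification of what real protocols do, not any particular app's format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is one unit crossing the wire. Seq is the sender's running counter,
// sent in the clear; Eve can read and rewrite it like anything else in transit.
type Message struct {
	Seq   uint64
	Nonce []byte
	Body  []byte
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func seqBytes(seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, seq)
	return b
}

// ctrSeal encrypts with bare AES-CTR: confidentiality only, nothing to check.
func ctrSeal(key []byte, seq uint64, plaintext []byte) Message {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	nonce := mustRandom(aes.BlockSize)
	body := make([]byte, len(plaintext))
	cipher.NewCTR(block, nonce).XORKeyStream(body, plaintext)
	return Message{Seq: seq, Nonce: nonce, Body: body}
}

// ctrOpen is the mirror image; it cannot fail, which is exactly the problem.
func ctrOpen(key []byte, m Message) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	plaintext := make([]byte, len(m.Body))
	cipher.NewCTR(block, m.Nonce).XORKeyStream(plaintext, m.Body)
	return plaintext
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// gcmSeal encrypts with AES-GCM and binds the sequence number as associated
// data, so the tag covers both the content and the message's position.
func gcmSeal(key []byte, seq uint64, plaintext []byte) Message {
	aead := newGCM(key)
	nonce := mustRandom(aead.NonceSize())
	return Message{Seq: seq, Nonce: nonce, Body: aead.Seal(nil, nonce, plaintext, seqBytes(seq))}
}

// gcmOpen verifies against the receiver's own expected counter, not the Seq
// field Eve controls, so a relabelled or swapped message fails authentication.
func gcmOpen(key []byte, expectedSeq uint64, m Message) ([]byte, error) {
	plaintext, err := newGCM(key).Open(nil, m.Nonce, m.Body, seqBytes(expectedSeq))
	if err != nil {
		return nil, errors.New("authentication failed: message was modified, swapped or replayed")
	}
	return plaintext, nil
}

// eveSwap is the attack from the text: Eve has recorded messages 1 and 2 and
// delivers the second in the first's slot, relabelling Seq so nothing looks odd.
func eveSwap(m1, m2 Message) Message {
	return Message{Seq: m1.Seq, Nonce: m2.Nonce, Body: m2.Body}
}

// Outcome records what Bob ends up with for message 1 under each scheme.
type Outcome struct {
	CTRRead string // bare AES-CTR: whatever decrypts, no error possible
	GCMErr  error  // AES-GCM: non-nil when authentication fails
}

// Scenario replays the Yes/No swap under a key Alice and Bob share.
func Scenario(key []byte) Outcome {
	yes, no := []byte("Yes"), []byte("No")
	c1, c2 := ctrSeal(key, 1, yes), ctrSeal(key, 2, no)
	g1, g2 := gcmSeal(key, 1, yes), gcmSeal(key, 2, no)
	_, err := gcmOpen(key, 1, eveSwap(g1, g2))
	return Outcome{CTRRead: string(ctrOpen(key, eveSwap(c1, c2))), GCMErr: err}
}

func main() {
	key := mustRandom(32) // constructed demo key; a real app derives one per session
	out := Scenario(key)
	fmt.Printf("AES-CTR, after Eve's swap, Bob reads: %q\n", out.CTRRead)
	fmt.Printf("AES-GCM, after Eve's swap, Bob gets:  %v\n", out.GCMErr)
}
```

Note that an authentication tag on its own would not have caught this swap, since Eve delivers a message Alice genuinely sent; it is the receiver's own counter, fed in as associated data, that ties each ciphertext to its place in the conversation.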
The state of the art is that computers and software are now getting quite good at establishing a securely encrypted link to someone with guarantees of confidentiality and integrity of the messages between you and that someone, but the software can't guarantee that that someone is who you think it is, so to be sure, the humans must take some additional steps to verify that no third parties sneaked into the middle and started quietly passing messages back and forth between you and your intended recipient, possibly reading and/or changing them in transit. This is known as a Man in the Middle attack, or MITM.
Usually we solve this problem by trusting a central server to keep track of who is who and make sure that everyone is really talking to who they think they're talking to, but that server could just as easily lie and grant itself or someone else MITM access. Blockchain technology provides a decentralized, trustless solution to this problem, allowing software to associate a human-provided username to a particular account without trusting anyone who might lie about that pairing, but this is pretty cutting edge, and I don't know if anyone is doing this securely yet or not.
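The manual verification step the text refers to, as an added Go example (not code from the original post, and not Signal's or Wire's actual safety-number format): each client hashes its own identity key together with the key the central directory handed it for the other party, and the two humans compare the resulting short string out of band. With an honest directory the strings agree; when the directory substitutes a third key (Mallory) into both lookups, each side is unknowingly paired with Mallory and the strings differ. The key type, directory shape and fingerprint display are all assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Identity is a user's long-term signing key pair (constructed for the demo).
type Identity struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newIdentity(name string) Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Identity{Name: name, Pub: pub, priv: priv}
}

// Directory plays the central server from the text: clients ask it "what is
// Bob's key?" and cannot tell an honest answer from a substituted one.
type Directory map[string]ed25519.PublicKey

// SafetyNumber is a constructed fingerprint over the two identity keys a client
// believes are in the conversation. It sorts the keys first so both sides derive
// the same string, then shows 96 bits of a SHA-256 as hex groups for reading aloud.
func SafetyNumber(a, b ed25519.PublicKey) string {
	lo, hi := []byte(a), []byte(b)
	if bytes.Compare(lo, hi) > 0 {
		lo, hi = hi, lo
	}
	sum := sha256.Sum256(append(append([]byte{}, lo...), hi...))
	hexStr := hex.EncodeToString(sum[:12])
	var groups []string
	for i := 0; i < len(hexStr); i += 4 {
		groups = append(groups, hexStr[i:i+4])
	}
	return strings.Join(groups, " ")
}

// compare simulates the out-of-band step: Alice reads the number her app shows
// for Bob, Bob reads the one his app shows for Alice, and they check they agree.
func compare(alice, bob Identity, dir Directory) bool {
	alicesView := SafetyNumber(alice.Pub, dir[bob.Name])
	bobsView := SafetyNumber(bob.Pub, dir[alice.Name])
	return alicesView == bobsView
}

// Scenario reports whether verification passes with an honest directory and
// whether it passes when the directory inserts Mallory as the man in the middle.
func Scenario() (honestOK, mitmOK bool) {
	alice, bob, mallory := newIdentity("alice"), newIdentity("bob"), newIdentity("mallory")

	honest := Directory{"alice": alice.Pub, "bob": bob.Pub}
	honestOK = compare(alice, bob, honest)

	// The server answers both lookups with Mallory's key: each side now holds a
	// session with Mallory, who relays (and could read or alter) every message.
	compromised := Directory{"alice": mallory.Pub, "bob": mallory.Pub}
	mitmOK = compare(alice, bob, compromised)
	return honestOK, mitmOK
}

func main() {
	honestOK, mitmOK := Scenario()
	fmt.Println("honest directory, numbers match:   ", honestOK)
	fmt.Println("substituted keys, numbers match:   ", mitmOK)
}
```

The comparison only helps if it happens over a channel the directory does not control (in person, a phone call, a scanned QR code); reading the number off the same app session that the server set up would defeat the purpose.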
Availability is the red-headed stepchild of information security. While security blowhards will pontificate long and hard about confidentiality and integrity, frequently speaking as though these are the only goals that matter, in practice availability is the metric that actually guides people's choices in software. Consider email and SMS: although they both abysmally fail at confidentiality and integrity, they're highly available, which is to say they're easy and reliable, so everyone uses them. Simultaneously, other systems like GPG/PGP may have strong confidentiality and integrity guarantees, but only cryptography experts know how to use them, and even they rarely actually do because they're so much effort. So while confidentiality and integrity get all the press, availability is what makes the decision, and availability essentially boils down to "Yeah, but can my grandma use it?"
And therein lies the rub: a 'secure' messaging system that no one uses is not actually secure, because it's not available. Usability is part of security. It is a key part. Don't let anyone tell you otherwise. A truly secure system isn't just hard to break technically, it must also be easy to use correctly, and hard to use incorrectly.
In many cases, security boils down to a choice: do we take confidentiality and integrity at the cost of availability, or do we take availability at the cost of confidentiality and integrity? My goal is to find an acceptable balance of both.
Down to Brass Tacks: My Recommendations
In case it isn't yet clear from all of my discussion on security so far, determining whether a particular messaging app is secure or not is really freaking hard. To emphasize, when someone out there releases some app and says "This is a secure messaging app," that claim means absolutely nothing until a lot of really smart people who understand security at least as well as I do spend a lot of time and effort reviewing the underlying protocols and application code to verify that claim. I consider myself qualified to do such a verification, but I rarely do because it's a bloody ton of work to do well. For this reason, it's generally only security professionals (expensive) and academic institutions that go to the trouble.
Of the secure messaging apps I have made any effort to review, my recommendations today boil down to two different apps: Wire and Signal. To be clear, I have not undertaken a formal review of these apps myself (someone would have to pay me to do that, and I would charge a lot); however, I have read their own security claims and have examined the formal reviews of others.
Wire (https://wire.com) is my favorite, since it ranks pretty well in all categories. It's easy to use, it has pretty rigorous security standards, it's a partially open source system (the client apps and parts of the server code are open source), it has undergone formal third party security review (with acceptable results), and there don't appear to be any known serious flaws or vulnerabilities.
If Wire is my favorite, Signal (https://whispersystems.org) is my second favorite. Though far less feature-rich than Wire, it is based on the well-known, thoroughly reviewed, and widely implemented Double Ratchet protocol (https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) designed by Open Whisper Systems. This is probably the best protocol out there for confidentiality and integrity, since it's so well-known and battle-tested, being the protocol behind Signal, WhatsApp, Google Allo, and Facebook Messenger, to name a few just off the top of my head.
The reason I recommend Signal over these other apps is that, although these other apps are more user friendly and widely used (availability), they are also privacy risks as they are all closed source apps owned by companies known for hoovering up and storing forever any and all private data they can find. Thus we can safely assume that, unless additional evidence shows otherwise, when using these apps we have no confidentiality from their makers. Signal, in contrast, is open source, and the company behind it, Open Whisper Systems, publicly commits to protecting their users' privacy by retaining as little information as possible about the users' communications, even where doing so prevents them from implementing user-friendly features. This improves confidentiality at the cost of availability.
So Signal may offer a bit more confidentiality and integrity, but Wire is a lot easier and more fun to use (roughly: higher availability). I also note that Signal requires a phone number, which they use to improve integrity at the cost of privacy (a facet of confidentiality). Also, for maximum security, both of these apps support an additional manual key verification step to ensure that no Man in the Middle has crept into the connection.
Honorable Mention goes to Keybase (https://keybase.io) which was recently pointed out to me. Based on the widely respected, but rarely used, GPG/PGP protocol, Keybase makes GPG easy enough that people can now use it painlessly. Furthermore, Keybase leverages the Bitcoin blockchain to help provide confidentiality and integrity guarantees without the manual verification steps that most other apps benefit from. Of course, manual verification can also be performed for optimal security. From what I see so far, Keybase might be more secure than Wire or Signal; however, I haven't spent enough time looking into it to form a trustworthy opinion.
And Now for the Snake in the Grass
Extreme Dishonorable Mention goes to Telegram (https://telegram.org), which I want to highlight specifically as an app which, in my opinion, is not secure at all.
Telegram is marketed, quite emphatically ("Telegram is more secure than mass market messengers like WhatsApp" is a direct quote from their FAQ page), as a secure messaging app; however, since shortly after its publication, Moxie Marlinspike (a well-known and respected hacker, co-author of the Double Ratchet protocol that powers Signal and others) pointed out irregularities in the protocol which render its security claims suspicious.
One would expect a reasonable team acting in good faith to re-evaluate their protocol's security, and perhaps enlist a respected security firm to review their designs, after such a cold reception by the cryptography community. Instead, Telegram doubled down and launched an open challenge to break Telegram's security. This would seem to indicate their confidence in the security of their protocol, and put the ball in the court of those claiming it is flawed. Instead, Marlinspike pointed out that this challenge was designed in such a way that it can't be won, no matter how bad the crypto is. He even provided an example of a trivially breakable crypto protocol, and pointed out that even that protocol can't be broken according to the rules of the challenge.
This conversation is fairly old at this point, but Telegram continues to persist and market itself as a secure messaging app. There are plenty of unsubstantiated claims in the wild that Telegram is secure, but I've never seen one with any substantiation based on the underlying cryptography. There are, however, plenty of articles on how it's not secure (https://security.stackexchange.com/questions/49782/is-telegram-secure, https://medium.com/@thegrugq/operational-telegram-cbbaadb9013a, https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415), from respected sources that provide substantial evidence for their claims. And there are now at least two papers formally presenting actual attacks on Telegram's protocol: 1 (https://www.alexrad.me/discourse/a-264-attack-on-telegram-and-why-a-super-villain-doesnt-need-it-to-read-your-telegram-chats.html), 2 (https://eprint.iacr.org/2015/1177.pdf) (I have not reviewed these papers in detail; I see no reason to spend the time on it).
So why so much hate for Telegram? Because they still actively market their app as secure, and at this point, I can only assume that claim is an intentional lie. I try to give people the benefit of the doubt, and apply Hanlon's Razor ("Never attribute to malice that which is adequately explained by stupidity"), but at some point I have to ask myself: can I really believe they're that stupid? Or, are they trying to deceive people? I honestly cannot imagine that someone can be that stupid; I think anyone acting in good faith would have questioned themselves by this point, and in this case, once the question is honestly asked, the answer is honestly obvious. So while I have no positive proof that they are intentionally lying, all signs seem to point that way. Please tell me, dear reader, am I being unreasonable?
Conclusion
So to wrap things up, let me emphasize that this is a complex issue, and it's one that I do not take lightly. I have a great deal of experience that I believe qualifies me to opine on what is and is not a secure messaging app, but I do so with hesitation because even for me, it's a lot of work to form a quality opinion. It is for that reason that I don't have an opinion on every messaging app out there. I have found a couple of apps that I do trust for my day-to-day messaging, and I'm always on the lookout for more, but at the end of the day, this is a game of one-upping that we'll be playing forever, because that's how security works.
I recommend Wire and Signal, and possibly Keybase. I strongly warn all to actively distrust Telegram. These opinions are based on thorough and thoughtful, if not professional grade, reviews of the software and security in question, based on a background of formal training in cryptography and cryptographic software protocol design, reverse engineering, analysis, and exploitation at Rensselaer Polytechnic Institute, thanks to which I am able to understand and participate in technical security reviews.
My opinions are my own, and they are only intended to be good enough to satisfy me, which is a highly subjective standard. They are provided in the hopes that they are useful, but I make no promises that they are valid. If they aren't, please let me know. :)
Thanks for reading
Translated and paraphrased by this account.
The views in the article do not represent any position of this account.
Images in this article are from the web.
Reposts should follow the notice at the top of this article.