The recently released authorization tool Telegram Passport from the Telegram messenger is vulnerable to “brute force” attacks, according to the report of cryptographic software developers Virgil Security, Inc.
Virgil Security said that Telegram uses SHA-512, a hash algorithm that is not designed for hash passwords. It is reported that this algorithm leaves passwords vulnerable to “brute force” selection, even if they are complex.
When the user encrypts their personal data, they are downloaded to the Telegram cloud, and when the user has to authenticate in a third-party service, they decrypt this data and re-encrypt it for the credentials of this service. It is reported that all these factors contribute to the potential impact of hacker attacks.
July 26 Telegram announced the launch of Telegram Passport, designed to encrypt the personal identity of users, and allows them to share their identity with third parties.