If I use MTProto for telegram instead of HTTPS, what benefits or advantages will I get?

927    Asked by AlastairMcDade in SQL Server , Asked on Dec 31, 2021

What are the advantages of using MTProto over HTTPS for telegram? 

A detailed description that I found on the telegram website explained that - Before a message (or a multipart message) is transmitted over a network using a transport protocol, it is encrypted in a certain way, and an external header is added at the top of the message that consists of a 64-bit key identifier auth_key_id (that uniquely identifies an authorization key for the server as well as the user) and a 128-bit message key msg_key.

The authorization key auth_key combined with the message key msg_key define an actual 256-bit key aes_key and a 256-bit initialization vector aes_iv, which are used to encrypt the message using AES-256 encryption in infinite garble extension (IGE) mode. Note that the initial part of the message to be encrypted contains variable data (session, message ID, sequence number, server salt) that obviously influences the message key (and thus the AES key and iv). In MTProto 2.0, the message key is defined as the 128 middle bits of the SHA-256 of the message body (including session, message ID, padding, etc.) prepended by 32 bytes taken from the authorization key. In the older MTProto 1.0, the message key was computed as the lower 128 bits of SHA-1 of the message body, excluding the padding bytes.

Answered by Amit raj

First of all, the Hypertext Transfer Protocol Secure is a special purpose protocol for web browsing and optimized for this use-case. That doesn't stop people from using it for other purposes, but this is not what the protocol was designed for.


MTProto does not just define encryption, but also how individual chat messages and their metadata are structured. Because HTTPS is not a chat protocol, it doesn't have any useful specifications for anything like that. Also, chat protocols need to be able to push messages to clients without them polling the server all the time. HTTP(S) with its request-response model isn't built for that. Another thing Telegram needs but which HTTPS does not provide is encryption between clients. HTTPS only provides encryption between client and server.



Your Answer

Interviews

Parent Categories