/i/2004996886.png?fit=%2C&ssl=1)
XOR is a binary operation and a one time pad is a set of key material that only sender and receiver have. The two are not exactly dependent on each other. You can encrypt things with a one time pad with XOR, but you might as well use that one time pad to determine, for example, the IV of an AES encryption without sending it over the line.
The encryption here is indeed was basic and stupid. XOR encryption works Good Enough™ as long as you keep the key secret and you don’t have a known ciphertext as the attacker (or here, victim). The advantage for the criminals is that XOR is a very fast operation, and with ransomware there is something to be said for a hack that prefers speed over encryption security. As a victim, you can also benefit from this, because the key can be traced from, for example, an Excel sheet or a Word document that you once shared on Dropbox.
MTProto2 is a lot better than MTProto and it’s still a vague proprietary algorithm, but so is Signal’s algorithm in its own right. That retarded challenge (“hack us! 100k!”) is indeed quite misleading, but no breaking vulnerabilities in MTProto2 have been found so far as far as I know. The big bugs are mainly in the protocol itself (you can’t see if a previous message was omitted, which would allow the server to easily influence a conversation like “Do you want to invade Ukraine? No! Do you want some fries? Yes!”), but the encryption layer is good enough where it is used.
That Telegram does not do E2EE in chat rooms is a completely different story.
–
