Three-letter services have access to special acceleration hardware which allows them to brute-force at incredible speed, and they have exploits for popular cipher algorithms which allow them to significantly reduce the computation cost.
Do you also happen to “know” about extraterrestrial civilizations helping them? Or maybe gained access to “state secrets” indicating replacing all the scientific world with radio-controlled clones to hide “real knowledge”? This can’t be rejected, if I read that somebody can break known physics and maths, and even plausible hypothetical future physics.
TLS is an abbreviation for Transport Layer Security. It is just a protocol envelope which provides a standard approach to using an encrypted channel. It can use different cipher suites with different cipher algorithms and different key exchange algorithms.
TLS itself doesn't guarantee that it will use a good cipher suite; it depends on the client and server implementation and configuration.
TLS allows the use of different (meaning: multiple) cipher suites, but it doesn’t allow the use of any cipher suites. And the primary changes between TLS versions are in the set of permitted cryptographic features, including ciphers.
And it may confuse the user, because he may think that he is using a channel with a strong cipher, but actually it may use a weak and vulnerable cipher suite.
TLS prohibits such cipher suites.
Also TLS has a serious security issue, because it allows one to see a lot of data about the connection which is sent unencrypted at handshake. For example, it sends the host name. Also it allows one to detect client and server applications by their handshake fingerprint. All this is a major security issue, even if you use a custom-made cipher suite with strong cipher and key exchange algorithms.
This is RFC 3546 (§3.1), not core TLS. TLS itself doesn’t even have provisions for doing so, much less requires it, and one can use TLS without this “terrifying vulnerability.”
The “horrible privacy leak” is of minor relevance, because this is routing information. The same kind of information that is held in IP headers. This is why it isn’t encrypted: one can’t hide name and apartment number on an envelope, if a postman is expected to deliver a letter.
The need for using SNI arises from a single IP address hosting more than a single domain name. The alternative is having one IP address per domain name. Which would reveal exactly the same information in the IP header, making SNI no worse than the alternative without it.
The entire issue is mostly of interest to historians too, given that now TLS supports encrypted hello and it’s deployed in all major browsers.
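Added illustration (this is not code from anyone in the thread): the script below constructs a TLS ClientHello for a hostname and a list of cipher suites, then parses it back the way any on-path observer can, recovering the offered cipher suites, the supported_versions extension and the plaintext SNI host name. It shows both points made above: which suites are on the table is decided by client/server configuration and is visible in the clear, and the host name in the server_name extension (RFC 6066, successor of RFC 3546) is sent unencrypted. The ClientHello bytes are constructed locally; the helper names and the small cipher-suite table are assumptions for the example.

```python
import struct

# Record / handshake constants from TLS 1.2 and 1.3 (RFC 5246, RFC 8446)
# and the server_name extension (RFC 6066).
TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B

# A handful of IANA cipher suite IDs for the demo; unknown IDs are shown as hex.
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}
WEAK_MARKERS = ("RC4", "3DES", "NULL", "EXPORT", "MD5")


def build_client_hello(hostname, cipher_suites, random_bytes=bytes(32)):
    """Construct a ClientHello record (no real client involved) with SNI + supported_versions."""
    name = hostname.encode("idna")
    # ServerNameList entry: name_type 0 (host_name), 2-byte length, the name itself
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    versions = b"\x03\x04\x03\x03"  # offer TLS 1.3 and TLS 1.2
    sv_ext = (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(versions) + 1)
              + bytes([len(versions)]) + versions)
    extensions = sni_ext + sv_ext
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (b"\x03\x03"                                      # legacy_version = TLS 1.2
            + random_bytes
            + b"\x00"                                        # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                    # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Read everything an on-path observer can read from a plaintext ClientHello."""
    if record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = body[pos:pos + 2]; pos += 2
    pos += 32                                   # client random
    pos += 1 + body[pos]                        # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                        # compression methods
    result = {"legacy_version": legacy_version.hex(),
              "cipher_suites": [CIPHER_NAMES.get(s, f"0x{s:04X}") for s in suites],
              "sni": None, "supported_versions": []}
    if pos >= len(body):
        return result
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        edata = body[pos:pos + elen]; pos += elen
        if etype == EXT_SERVER_NAME:
            lst_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + lst_len:
                ntype, nlen = edata[q], struct.unpack("!H", edata[q + 1:q + 3])[0]; q += 3
                if ntype == 0:                  # host_name: sent in the clear
                    result["sni"] = edata[q:q + nlen].decode("ascii")
                q += nlen
        elif etype == EXT_SUPPORTED_VERSIONS:
            n = edata[0]
            result["supported_versions"] = [edata[1 + i:3 + i].hex() for i in range(0, n, 2)]
    return result


def weak_suites_offered(record):
    """Names of offered suites a modern server should refuse; what gets used is policy, not TLS."""
    names = parse_client_hello(record)["cipher_suites"]
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


if __name__ == "__main__":
    hello = build_client_hello("example.com", [0x1301, 0xC02F, 0x000A])
    print(parse_client_hello(hello))
    print("weak suites offered:", weak_suites_offered(hello))
```

Everything the parser recovers sits before any key exchange has happened, so no cipher suite, however strong, protects it; in TLS 1.3 the later handshake messages are encrypted, but the ClientHello is not, which is exactly the gap that Encrypted Client Hello closes by moving the real SNI into an encrypted inner ClientHello.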
Yes, not an expert here, but I already suspected the standards inside TLS could only become standards after the three-letter agencies knew how to deal with them efficiently.
So, do you find your way of thinking reasonable? It seems to boil down to: “I’m not an expert, but I’ll ignore what experts say, because they must be on government payroll, since what they say disagrees with what I think”.
Other news of today: Telegram CEO Pavel Durov detained at airport in France.
Which is only tangentially related to encryption.
Don't know what ciphers Telegram is using.
Usually none. Most of Telegram communication is unencrypted and, despite advertising itself for “private chats”, the company designed the UI in a manner that makes enabling chat encryption inconvenient. That’s been the point of criticism for almost a decade now, and Telegram continuously refuses to fix that issue or make encryption the default. If you enable encryption, they still roll out their own crypto and they retain full control over the endpoint. The solution is properly named “MTProto”, but it’s not recognized or known elsewhere, so it may as well be called “the Telegram thing”.