This FAQ about MTProto is intended for advanced users. You may also want to check out our Basic FAQ. Please note, that client developers are required to comply with the Security Guidelines. {contents_nav} General Why did you use a custom protocol? How does it work? Why didn't you use a different solution? Why are you mostly relying on classical crypto algorithms? I'm a security expert and I think your protocol is not secure Encryption How are MTProto messages authenticated? Are you using Encrypt-and-MAC? Why not go for Encrypt-then-MAC? Why do you use SHA-1? Do you use IGE? IGE is broken! Authentication How is the server authenticated during DH key exchange? How are clients authenticated How are secret chats authenticated? Do you have Forward Secrecy? Protection against known attacks Known-plaintext attacks Chosen-plaintext attacks Chosen-ciphertext attacks Length extension attacks Replay attacks Man-in-the-middle attacks Hash collisions for DH keys {/contents_nav} General questions Q: Why did..