From 427c7dd375d52eba6286a615594748ec3b7ada67 Mon Sep 17 00:00:00 2001
From: Alexey <247128645+axkurcom@users.noreply.github.com>
Date: Sun, 15 Feb 2026 12:29:34 +0300
Subject: [PATCH] Deprecated failed KDF

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
---
 src/protocol/obfuscation.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/protocol/obfuscation.rs b/src/protocol/obfuscation.rs
index 1c55c5f..4d2197d 100644
--- a/src/protocol/obfuscation.rs
+++ b/src/protocol/obfuscation.rs
@@ -160,6 +160,12 @@ pub fn prepare_tg_nonce(
 }
 
 /// Encrypt the outgoing nonce for Telegram
+/// Legacy helper — **do not use**.
+/// WARNING: logic diverges from Python/C reference (SHA256 of 48 bytes, IV from head).
+/// Kept only to avoid breaking external callers; prefer `encrypt_tg_nonce_with_ciphers`.
+#[deprecated(
+    note = "Incorrect MTProto obfuscation KDF; use proxy::handshake::encrypt_tg_nonce_with_ciphers"
+)]
 pub fn encrypt_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> Vec<u8> {
     let key_iv = &nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN];
     let enc_key = sha256(key_iv);
@@ -208,4 +214,4 @@ mod tests {
         assert!(is_valid_nonce(&nonce));
         assert_eq!(nonce.len(), HANDSHAKE_LEN);
     }
-}
\ No newline at end of file
+}