[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 05/11/2016 05:09 PM, moosehadley@xxxxxxxxx wrote:
On May 11, 2016, at 10:00 AM, Arnis <arnis@xxxxx> wrote:

The work shows that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation
The impersonation vulnerability mentioned here is inherent; it requires compromising the victims system to steal their private key, or using brute-force.

Check section "7 Summary of Findings" (page 45).
There are at least two impersonation flaws, none of which require to steal private key.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to