[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
From: Blake Hadley <moosehadley@xxxxxxxxx>
Date: Wed, 11 May 2016 10:23:50 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 May 2016 10:24:07 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=gYLuJvab8V4oc+cNereLbdrFq6/2x+ZozY2B3egLFVM=; b=gJbOXmzly0DZ1dFcVjqvL4yKeim1WaVrtn0XMrHbQ31toRKoakrxEVx1oGLrdSlP4l bnbSg/6x3lBgdw8ZUX2S0WeBmlu6EjDz40rCQDhJDnIdUAEU3jyIZgZbmZjteLmeu4RN 2Ps4kT0YPazQCqKaMl5MKtVf1+HWsoSOm73V6YHoZrA8/Qqp+0X38zzDA60QMwpOsB4T mXPzDam/MSs6GZ6g3g84CI8dawdxNwX01Wol73xHLhAHlRYiiuY/qY/fp36xYI5Uz4js QywlXOLxNXewxSG7BW7euUunL5Mw9rvQid9JCeqJsnCOWhhWEIXaSxo5DUIGSX8vkCCf nC2w==
In-reply-to: <57333E5E.3040709@xxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <57333AF1.30203@xxxxx> <CA7AC33C-FA77-4E51-B791-53A2A35B5038@xxxxxxxxx> <57333E5E.3040709@xxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0

On 5/11/16 10:14 AM, Arnis wrote:

> On 05/11/2016 05:09 PM, moosehadley@xxxxxxxxx wrote:
>>> On May 11, 2016, at 10:00 AM, Arnis <arnis@xxxxx> wrote:
>>>
>>> The work shows that although the design of TorChat is sound, its
>>> implementation has several flaws, which make TorChat users
>>> vulnerable to impersonation
>> The impersonation vulnerability mentioned here is inherent; it
>> requires compromising the victims system to steal their private key,
>> or using brute-force.
>>
> Check section "7 Summary of Findings" (page 45).
> There are at least two impersonation flaws, none of which require to
> steal private key.
Ahh, yes. Thank you for pointing that out.

Would you mind if I took the liberty to submit your findings to the
TorChat bug tracker for formal review?
(https://trac.torproject.org/projects/tor/)
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Arnis

References:
- [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Arnis
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: moosehadley
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Arnis

Prev by Author: Re: [tor-talk] 'Refresh tor browser' - and then it wasn't one anymore.
Next by Author: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Previous by thread: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Next by thread: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Index(es):
- Author
- Thread