[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 05/11/2016 05:23 PM, Blake Hadley wrote:
On 5/11/16 10:14 AM, Arnis wrote:

On 05/11/2016 05:09 PM, moosehadley@xxxxxxxxx wrote:
On May 11, 2016, at 10:00 AM, Arnis <arnis@xxxxx> wrote:

The work shows that although the design of TorChat is sound, its
implementation has several flaws, which make TorChat users
vulnerable to impersonation
The impersonation vulnerability mentioned here is inherent; it
requires compromising the victims system to steal their private key,
or using brute-force.

Check section "7 Summary of Findings" (page 45).
There are at least two impersonation flaws, none of which require to
steal private key.
Ahh, yes. Thank you for pointing that out.

Would you mind if I took the liberty to submit your findings to the
TorChat bug tracker for formal review?
I don't mind, but please note that TorChat is not developed by Tor dev team.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to