[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Security Analysis of Instant Messenger TorChat
"TorChat processes contact requests and updates the contact list
without asking the user's consent." "An attacker can exploit this
to add arbitrary contacts to the victim's contact list. . ." OMG, does
any IM client allow this?
On 11.05.16 17:00, Arnis wrote:
TorChat is a peer-to-peer instant messenger built on top of the Tor
network that not only provides authentication and end-to-end
encryption, but also allows the communication parties to stay
anonymous. In addition, it prevents third parties from even learning
that communication is taking place.
The aim of this thesis is to document the protocol used by TorChat and
to analyze the security of TorChat and its reference implementation.
The work shows that although the design of TorChat is sound, its
implementation has several flaws, which make TorChat users vulnerable
to impersonation, communication confirmation and denial-of-service
P.S. Fix not available. The author of TorChat, lacks the resources to
fix the flaws.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to