[tor-talk] Security Analysis of Instant Messenger TorChat

[Arnis <arnis@xxxxx>]

FYI:
http://kodu.ut.ee/~arnis/torchat_thesis.pdf

Abstract
TorChat is a peer-to-peer instant messenger built on top of the Tor 
network that not only provides authentication and end-to-end encryption, 
but also allows the communication parties to stay anonymous. In 
addition, it prevents third parties from even learning that 
communication is taking place.
The aim of this thesis is to document the protocol used by TorChat and 
to analyze the security of TorChat and its reference implementation. The 
work shows that although the design of TorChat is sound, its 
implementation has several flaws, which make TorChat users vulnerable to 
impersonation, communication confirmation and denial-of-service attacks.

P.S. Fix not available. The author of TorChat, lacks the resources to 
fix the flaws.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk