
Re: [tor-talk] Security Analysis of Instant Messenger TorChat



On 5/11/16 10:14 AM, Arnis wrote:

> On 05/11/2016 05:09 PM, moosehadley@xxxxxxxxx wrote:
>>> On May 11, 2016, at 10:00 AM, Arnis <arnis@xxxxx> wrote:
>>>
>>> The work shows that although the design of TorChat is sound, its
>>> implementation has several flaws, which make TorChat users
>>> vulnerable to impersonation
>> The impersonation vulnerability mentioned here is inherent; it
>> requires compromising the victim's system to steal their private key,
>> or using brute-force.
>>
> Check section "7 Summary of Findings" (page 45).
> There are at least two impersonation flaws, none of which require
> stealing the private key.
Ahh, yes. Thank you for pointing that out.

Would you mind if I took the liberty of submitting your findings to the
TorChat bug tracker for formal review?
(https://trac.torproject.org/projects/tor/)