[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
From: Arnis <arnis@xxxxx>
Date: Wed, 11 May 2016 17:26:38 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 May 2016 10:26:49 -0400
In-reply-to: <a89f396d-f6aa-4fc3-985b-6f5bb9aa5bf1@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <57333AF1.30203@xxxxx> <CA7AC33C-FA77-4E51-B791-53A2A35B5038@xxxxxxxxx> <57333E5E.3040709@xxxxx> <a89f396d-f6aa-4fc3-985b-6f5bb9aa5bf1@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2

On 05/11/2016 05:23 PM, Blake Hadley wrote:

On 5/11/16 10:14 AM, Arnis wrote:

On 05/11/2016 05:09 PM, moosehadley@xxxxxxxxx wrote:

On May 11, 2016, at 10:00 AM, Arnis <arnis@xxxxx> wrote:

The work shows that although the design of TorChat is sound, its
implementation has several flaws, which make TorChat users
vulnerable to impersonation

The impersonation vulnerability mentioned here is inherent; it
requires compromising the victims system to steal their private key,
or using brute-force.

Check section "7 Summary of Findings" (page 45).
There are at least two impersonation flaws, none of which require to
steal private key.

Ahh, yes. Thank you for pointing that out.

Would you mind if I took the liberty to submit your findings to the
TorChat bug tracker for formal review?
(https://trac.torproject.org/projects/tor/)

I don't mind, but please note that TorChat is not developed by Tor dev team.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Blake Hadley

References:
- [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Arnis
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: moosehadley
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Arnis
- Re: [tor-talk] Security Analysis of Instant Messenger TorChat
  - From: Blake Hadley

Prev by Author: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Next by Author: Re: [tor-talk] 'Refresh tor browser' - and then it wasn't one anymore.
Previous by thread: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Next by thread: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
Index(es):
- Author
- Thread