[tor-talk] Security Analysis of Instant Messenger TorChat

Arnis arnis at ut.ee
Wed May 11 14:00:17 UTC 2016


TorChat is a peer-to-peer instant messenger built on top of the Tor 
network that not only provides authentication and end-to-end encryption, 
but also allows the communication parties to stay anonymous. In 
addition, it prevents third parties from even learning that 
communication is taking place.
The aim of this thesis is to document the protocol used by TorChat and 
to analyze the security of TorChat and its reference implementation. The 
work shows that although the design of TorChat is sound, its 
implementation has several flaws, which make TorChat users vulnerable to 
impersonation, communication confirmation and denial-of-service attacks.

P.S. Fix not available. The author of TorChat, lacks the resources to 
fix the flaws.

More information about the tor-talk mailing list