[tor-talk] Security Analysis of Instant Messenger TorChat

Arnis arnis at ut.ee
Wed May 11 14:14:54 UTC 2016


On 05/11/2016 05:09 PM, moosehadley at gmail.com wrote:
>> On May 11, 2016, at 10:00 AM, Arnis <arnis at ut.ee> wrote:
>>
>> The work shows that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation
> The impersonation vulnerability mentioned here is inherent; it requires compromising the victims system to steal their private key, or using brute-force.
>
Check section "7 Summary of Findings" (page 45).
There are at least two impersonation flaws, none of which require to 
steal private key.


More information about the tor-talk mailing list