[tor-talk] Security Analysis of Instant Messenger TorChat

Arnis arnis at ut.ee
Wed May 11 14:26:38 UTC 2016


On 05/11/2016 05:23 PM, Blake Hadley wrote:
> On 5/11/16 10:14 AM, Arnis wrote:
>
>> On 05/11/2016 05:09 PM, moosehadley at gmail.com wrote:
>>>> On May 11, 2016, at 10:00 AM, Arnis <arnis at ut.ee> wrote:
>>>>
>>>> The work shows that although the design of TorChat is sound, its
>>>> implementation has several flaws, which make TorChat users
>>>> vulnerable to impersonation
>>> The impersonation vulnerability mentioned here is inherent; it
>>> requires compromising the victims system to steal their private key,
>>> or using brute-force.
>>>
>> Check section "7 Summary of Findings" (page 45).
>> There are at least two impersonation flaws, none of which require to
>> steal private key.
> Ahh, yes. Thank you for pointing that out.
>
> Would you mind if I took the liberty to submit your findings to the
> TorChat bug tracker for formal review?
> (https://trac.torproject.org/projects/tor/)
I don't mind, but please note that TorChat is not developed by Tor dev team.


More information about the tor-talk mailing list