Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 5/13/16 3:39 PM, m...@beroal.in.ua wrote: > "TorChat processes contact requests and updates the contact > list without asking the user's consent." "An attacker can > exploit this to add arbitrary contacts to the victim's contact list. > . ." OMG, does any IM client allow this? I

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

"TorChat processes contact requests and updates the contact list without asking the user's consent." "An attacker can exploit this to add arbitrary contacts to the victim's contact list. . ." OMG, does any IM client allow this? On 11.05.16 17:00, Arnis wrote: FYI: http://kodu.u

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 5/11/16 10:26 AM, Arnis wrote: > I don't mind, but please note that TorChat is not developed by Tor dev > team. Forgive me, I had confused TorChat with Tor Messenger. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torprojec

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 05/11/2016 05:23 PM, Blake Hadley wrote: On 5/11/16 10:14 AM, Arnis wrote: On 05/11/2016 05:09 PM, moosehad...@gmail.com wrote: On May 11, 2016, at 10:00 AM, Arnis wrote: The work shows that although the design of TorChat is sound, its implementation has several flaws, which make TorChat

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 5/11/16 10:14 AM, Arnis wrote: > On 05/11/2016 05:09 PM, moosehad...@gmail.com wrote: >>> On May 11, 2016, at 10:00 AM, Arnis wrote: >>> >>> The work shows that although the design of TorChat is sound, its >>> implementation has several flaws, which make TorChat users >>> vulnerable to imperso

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

> On May 11, 2016, at 10:00 AM, Arnis wrote: > > The work shows that although the design of TorChat is sound, its > implementation has several flaws, which make TorChat users vulnerable to > impersonation The impersonation vulnerability mentioned here is inherent; it requires compromising th

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

On 05/11/2016 05:09 PM, moosehad...@gmail.com wrote: On May 11, 2016, at 10:00 AM, Arnis wrote: The work shows that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation The impersonation vulnerability mentioned her

[tor-talk] Security Analysis of Instant Messenger TorChat

FYI: http://kodu.ut.ee/~arnis/torchat_thesis.pdf Abstract TorChat is a peer-to-peer instant messenger built on top of the Tor network that not only provides authentication and end-to-end encryption, but also allows the communication parties to stay anonymous. In addition, it prevents third par