On 05/11/2016 05:23 PM, Blake Hadley wrote:
On 5/11/16 10:14 AM, Arnis wrote:
On 05/11/2016 05:09 PM, moosehad...@gmail.com wrote:
On May 11, 2016, at 10:00 AM, Arnis <ar...@ut.ee> wrote:
The work shows that although the design of TorChat is sound, its
implementation has several flaws, which make TorChat users
vulnerable to impersonation
The impersonation vulnerability mentioned here is inherent; it
requires compromising the victims system to steal their private key,
or using brute-force.
Check section "7 Summary of Findings" (page 45).
There are at least two impersonation flaws, none of which require to
steal private key.
Ahh, yes. Thank you for pointing that out.
Would you mind if I took the liberty to submit your findings to the
TorChat bug tracker for formal review?
(https://trac.torproject.org/projects/tor/)
I don't mind, but please note that TorChat is not developed by Tor dev team.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
