[tor-talk] Security Analysis of Instant Messenger TorChat
Arnis
arnis at ut.ee
Wed May 11 14:00:17 UTC 2016
FYI:
http://kodu.ut.ee/~arnis/torchat_thesis.pdf
Abstract
TorChat is a peer-to-peer instant messenger built on top of the Tor
network that not only provides authentication and end-to-end encryption,
but also allows the communication parties to stay anonymous. In
addition, it prevents third parties from even learning that
communication is taking place.
The aim of this thesis is to document the protocol used by TorChat and
to analyze the security of TorChat and its reference implementation. The
work shows that although the design of TorChat is sound, its
implementation has several flaws, which make TorChat users vulnerable to
impersonation, communication confirmation and denial-of-service attacks.
P.S. Fix not available. The author of TorChat, lacks the resources to
fix the flaws.
More information about the tor-talk
mailing list