Delivery-Date: Wed, 11 May 2016 10:00:30 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 0EC831E0A84;
	Wed, 11 May 2016 10:00:29 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 12FAC3A5D7;
	Wed, 11 May 2016 14:00:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A9BEF3A4B9
 for <tor-talk@lists.torproject.org>; Wed, 11 May 2016 14:00:20 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IBz9DI4Ll4zt for <tor-talk@lists.torproject.org>;
 Wed, 11 May 2016 14:00:20 +0000 (UTC)
Received: from smtp2.it.da.ut.ee (smtp2.it.da.ut.ee
 [IPv6:2001:bb8:2002:500:20f:1fff:fe04:1bbb])
 by eugeni.torproject.org (Postfix) with ESMTP id 72E1B39DF3
 for <tor-talk@lists.torproject.org>; Wed, 11 May 2016 14:00:20 +0000 (UTC)
Received: from [192.168.1.19] (242.11.168.213.sta.estpak.ee [213.168.11.242])
 (Authenticated sender: arnis)
 by smtp2.it.da.ut.ee (Postfix) with ESMTP id 6B43473D71C
 for <tor-talk@lists.torproject.org>; Wed, 11 May 2016 17:00:17 +0300 (EEST)
From: Arnis <arnis@ut.ee>
To: tor-talk@lists.torproject.org
Message-ID: <57333AF1.30203@ut.ee>
Date: Wed, 11 May 2016 17:00:17 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
Subject: [tor-talk] Security Analysis of Instant Messenger TorChat
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

FYI:
http://kodu.ut.ee/~arnis/torchat_thesis.pdf

Abstract
TorChat is a peer-to-peer instant messenger built on top of the Tor 
network that not only provides authentication and end-to-end encryption, 
but also allows the communication parties to stay anonymous. In 
addition, it prevents third parties from even learning that 
communication is taking place.
The aim of this thesis is to document the protocol used by TorChat and 
to analyze the security of TorChat and its reference implementation. The 
work shows that although the design of TorChat is sound, its 
implementation has several flaws, which make TorChat users vulnerable to 
impersonation, communication confirmation and denial-of-service attacks.

P.S. Fix not available. The author of TorChat, lacks the resources to 
fix the flaws.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

