On 5/11/16 10:14 AM, Arnis wrote: > On 05/11/2016 05:09 PM, moosehad...@gmail.com wrote: >>> On May 11, 2016, at 10:00 AM, Arnis <ar...@ut.ee> wrote: >>> >>> The work shows that although the design of TorChat is sound, its >>> implementation has several flaws, which make TorChat users >>> vulnerable to impersonation >> The impersonation vulnerability mentioned here is inherent; it >> requires compromising the victims system to steal their private key, >> or using brute-force. >> > Check section "7 Summary of Findings" (page 45). > There are at least two impersonation flaws, none of which require to > steal private key. Ahh, yes. Thank you for pointing that out.
Would you mind if I took the liberty to submit your findings to the TorChat bug tracker for formal review? (https://trac.torproject.org/projects/tor/) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk