The Onion Digest

TorChat Security Issues

Posted on: April 2, 2010

I’ve set up a git repository containing a versioned and tagged TorChat with the third-party patch that fixed some security issues in prof7bit’s version.

The more I’ve looked at the TorChat source, the more I’m seeing really significant issues in its design, not to mention some hacks that shouldn’t really ever appear in something you intend the public to use (i.e. something you’d make a Portable Executable out of.) At this point, I’d really recommend pretty strongly against using it.

There are several more security issues I’ve found in just a cursory inspection, and I’ve not gotten around to putting up patches yet. If you’ve got any coding ability, you might want to check out my git repository and even consider writing something for it.

This software seems to have gotten some use in our paranoid community, which I find a bit disturbing. Again, even though I’ve put up a repository and such, I strongly recommend that you do not use TorChat.

UPDATE: I’ve created a stability branch in the TorChat repository that makes as few modifications to prof7bit’s version as possible. A tarball of this repository (it contains all the patches needed) is available here. A tarball of my version is available here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s



%d bloggers like this: