'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
Richard Outerbridge
outer at sympatico.ca
Fri Oct 1 23:34:39 EDT 2010
On 2010-10-01 (274), at 12:29, Brad Hill wrote:
> Kevin W. Wall wrote:
>> isn't the pre-shared key version of W3C's XML Encrypt also going to be vulnerable to a padding oracle attack.
>
> Any implementation that returns distinguishable error conditions for invalid padding is vulnerable, XML encryption no more or less so if used in such a manner. But XML encryption in particular seems much less likely to be used in this manner than other encryption code.

Oh come on. This is really just a sophisticated variant of the old "never say which was wrong" - login ID or password - attack. In this case it's padding or MACing. If either fails the result should be the same: something went wrong, sorry for you. The POET Oracle depends upon the server taking a shortcut and signaling which went wrong first.
--
Perfect games of Draughts always end in draws.
---------------------------------------------------------------------
The Cryptography Mailing List
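
The point made in the message above, as an added example that is not part of the original post: a MAC-then-pad-then-CBC receiver that either signals which check failed (the shortcut) or returns one result for both. The Feistel block cipher is a stand-in for a real cipher such as AES, and `seal`, `open_record` and the `uniform` flag are names assumed for this sketch.

```python
import hashlib, hmac, os

BLOCK, TAG = 16, 32

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(k, i, half):  # round function of a stand-in Feistel cipher (NOT AES)
    return hmac.new(k, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _enc(k, b):
    l, r = b[:8], b[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(k, i, r))
    return l + r

def _dec(k, b):
    l, r = b[:8], b[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(k, i, l)), l
    return l + r

def seal(ek, mk, msg):  # MAC, then pad, then CBC-encrypt under a random IV
    data = msg + hmac.new(mk, msg, hashlib.sha256).digest()
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n
    out = prev = os.urandom(BLOCK)
    for i in range(0, len(data), BLOCK):
        prev = _enc(ek, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def open_record(ek, mk, ct, uniform):
    if len(ct) < 4 * BLOCK or len(ct) % BLOCK:
        raise ValueError("decryption failed")
    pt = b"".join(_xor(_dec(ek, ct[i:i + BLOCK]), ct[i - BLOCK:i])
                  for i in range(BLOCK, len(ct), BLOCK))
    n = pt[-1]
    pad_ok = 1 <= n <= BLOCK and hmac.compare_digest(pt[-n:], bytes([n]) * n)
    if not pad_ok and not uniform:
        raise ValueError("bad padding")  # the shortcut: says which check failed
    n = n if pad_ok else 1               # bad padding: still run the MAC check
    want = hmac.new(mk, pt[:-n - TAG], hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(pt[-n - TAG:-n], want)
    if not (pad_ok and mac_ok):
        raise ValueError("decryption failed" if uniform else "bad MAC")
    return pt[:-n - TAG]
```

A single error string removes only the explicit signal; differences in response time between the two failure paths are a separate channel that this sketch does not address.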