'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

Richard Outerbridge outer at sympatico.ca
Fri Oct 1 23:34:39 EDT 2010

On 2010-10-01 (274), at 12:29, Brad Hill wrote:

> Kevin W. Wall wrote:
>> isn't the pre-shared key version of W3C's XML Encrypt also going to be
>> vulnerable to a padding oracle attack?
> Any implementation that returns distinguishable error conditions for
> invalid padding is vulnerable, XML encryption no more or less so if used
> in such a manner.  But XML encryption in particular seems much less
> likely to be used in this manner than other encryption code.

Oh come on.  This is really just a sophisticated variant of the old
"never say which was wrong" - login ID or password - attack.  In this
case it's padding or MACing.  If either fails the result should be the
same: something went sorry for you.  The POET Oracle depends upon the
server taking a shortcut and signaling which went wrong first.

Perfect games of Draughts always end in draws.
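
The point made in the message above, as an added example that is not part of the original post or of any project's code: a receiver that reports which check failed first, beside one that runs both checks and returns a single failure. It assumes a MAC-then-encrypt record laid out as message || HMAC-SHA256 || PKCS#7 padding and operates on the bytes after CBC decryption; all function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 tag length

class DecryptError(Exception):
    """The only failure the hardened receiver ever reports."""

def _split_padding(buf: bytes):
    """Return (body, ok) for a PKCS#7-padded buffer; never raises."""
    n = buf[-1] if buf else 0
    ok = 1 <= n <= len(buf) and buf[-n:] == bytes([n]) * n
    return (buf[:-n] if ok else buf), ok

def _mac_ok(body: bytes, mac_key: bytes) -> bool:
    msg, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def open_leaky(decrypted: bytes, mac_key: bytes) -> bytes:
    """Shortcut receiver: stops at the first failed check and names it."""
    body, pad_ok = _split_padding(decrypted)
    if not pad_ok:
        raise ValueError("invalid padding")  # distinguishable from a MAC failure
    if not _mac_ok(body, mac_key):
        raise ValueError("invalid MAC")
    return body[:-MAC_LEN]

def open_uniform(decrypted: bytes, mac_key: bytes) -> bytes:
    """Runs both checks regardless, then reports one undifferentiated failure."""
    body, pad_ok = _split_padding(decrypted)
    mac_ok = _mac_ok(body, mac_key)  # computed even when the padding is bad
    if not (pad_ok and mac_ok):
        raise DecryptError("decryption failed")
    return body[:-MAC_LEN]

def seal_plain(msg: bytes, mac_key: bytes, block: int = 16) -> bytes:
    """Constructed sample record: msg || HMAC || PKCS#7 padding (before encryption)."""
    body = msg + hmac.new(mac_key, msg, hashlib.sha256).digest()
    n = block - len(body) % block
    return body + bytes([n]) * n

def outcome(fn, decrypted: bytes, mac_key: bytes) -> str:
    """What a client would observe from the given receiver."""
    try:
        fn(decrypted, mac_key)
        return "ok"
    except Exception as exc:
        return f"{type(exc).__name__}: {exc}"
```

The same single outcome also has to hold for the HTTP status, response body and logging path that wrap this call, since any of them can signal which check failed.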
