'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

Kevin W. Wall kevin.w.wall at gmail.com
Sun Oct 3 20:08:20 EDT 2010

Peter Gutmann wrote:
> Jerry Leichter <leichter at lrw.com> writes:
>> By the way, the "don't acknowledge whether it was the login ID or the
>> password that was wrong" example is one of those things "everyone knows" -
>> along with "change your password frequently" - that have long passed their
>> "use by" date.  
> You got there before I did - real-world studies of users have shown that a
> common failure mode for this is that when users get their user name wrong they
> then try every password they can think of under the assumption that they've
> remembered the wrong password for the site.  So not only does not
> distinguishing between incorrect username and incorrect password not help [0],
> it actually makes things much, much worse by training users to enter every
> password for every site they know.
> Peter.
> [0] Well, it helps the attackers I guess...

There's other reasons that this is still done that relate to regulatory issues.
E.g., if the user names are considered by the regulatory body as sensitive PII,
this sometimes happens that these regulatory bodies mandate that one should not
distinguish between invalid user name or invalid password. So you can argue that
those regulatory bodies are misguided and/or behind the times, but can't always
blame the application developers. At other times, it is just some ill-advised
corporate policy that developers are forced to adhere to. I'm sure that you all
know well that those who understand the risks best are not always those setting

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list