'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

Perry E. Metzger perry at piermont.com
Tue Sep 14 07:44:42 EDT 2010


On Tue, 14 Sep 2010 23:14:36 +1200 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> The earlier work is also pretty devastating against CAPTCHAs (as
> well as being a damn good read, "Sudo make me a CAPTCHA" :-).  A
> great many CAPTCHAs work by using a hidden form field containing
> the encrypted solution to the CAPTCHA, which is then POSTed back to
> the server along with the client's solution (this is needed to make
> the operation stateless).  If the decrypted version matches what
> the client provides, they've solved the CAPTCHA.  So all an
> attacker has to do is solve one CAPTCHA manually and then replay
> the encrypted version back along with the solution as often as they
> like, you don't need to hire a Pakistani Internet cafe any more for
> your CAPTCHA-breaking.  This destroys an awful lot of CAPTCHAs, and
> isn't at all easy to fix because of the requirement to keep it
> stateless.

Couldn't one simply include a timestamp in the encrypted data?
Assuming a five minute window (or what have you) would be too much,
one could also keep some state for five minutes (which is not a lot
to ask for.) 

Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list