'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
Perry E. Metzger
perry at piermont.com
Tue Sep 14 07:44:42 EDT 2010
On Tue, 14 Sep 2010 23:14:36 +1200 Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> The earlier work is also pretty devastating against CAPTCHAs (as
> well as being a damn good read, "Sudo make me a CAPTCHA" :-). A
> great many CAPTCHAs work by using a hidden form field containing
> the encrypted solution to the CAPTCHA, which is then POSTed back to
> the server along with the client's solution (this is needed to make
> the operation stateless). If the decrypted version matches what
> the client provides, they've solved the CAPTCHA. So all an
> attacker has to do is solve one CAPTCHA manually and then replay
> the encrypted version back along with the solution as often as they
> like, you don't need to hire a Pakistani Internet cafe any more for
> your CAPTCHA-breaking. This destroys an awful lot of CAPTCHAs, and
> isn't at all easy to fix because of the requirement to keep it
> stateless.
Couldn't one simply include a timestamp in the encrypted data?
Assuming a five minute window (or what have you) would be too much,
one could also keep some state for five minutes (which is not a lot
to ask for.)
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list