[145952] in cryptography@c2.net mail archive
Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
daemon@ATHENA.MIT.EDU (Richard Outerbridge)
Sat Oct 2 18:04:52 2010
From: Richard Outerbridge <outer@sympatico.ca>
To: cryptography@metzdowd.com
In-Reply-To: <7E3B942D6F9AE64EA28CE80B7283C1EC360E1E0013@exch01.isecpartners.com>
Date: Fri, 1 Oct 2010 23:34:39 -0400
On 2010-10-01 (274), at 12:29, Brad Hill wrote:
> Kevin W. Wall wrote:
>> isn't the pre-shared key version of W3C's XML Encrypt also going to
>> be vulnerable to a padding oracle attack.
>
> Any implementation that returns distinguishable error conditions for
> invalid padding is vulnerable, XML encryption no more or less so if
> used in such a manner. But XML encryption in particular seems much
> less likely to be used in this manner than other encryption code.
Oh come on. This is really just a sophisticated variant of the old
"never say which was wrong" - login ID or password - attack. In this
case it's padding or MACing. If either fails the result should be the
same: something went wrong, sorry for you. The POET Oracle depends upon
the server taking a shortcut and signaling which went wrong first.
--
Perfect games of Draughts always end in draws.
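Added example (not part of the archived thread, and not code from any of the implementations discussed in it): a small Python script showing the two decryptors side by side. The "leaky" one is MAC-then-encrypt and raises a different exception for bad padding than for a bad MAC, which is exactly the shortcut Outerbridge describes; the hardened one is encrypt-then-MAC, verifies the tag with a constant-time compare before touching the ciphertext, and reports every failure as the same error. The block cipher is a constructed 4-round Feistel network built on HMAC-SHA256 so the whole thing runs on the standard library; it stands in for AES and is not a real cipher. Keys, the sample message and the tampering probe are all constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16          # block size in bytes (same as AES)
TAG_LEN = 32        # HMAC-SHA256 tag length


class PaddingError(Exception):
    """Distinguishable error #1 in the leaky scheme."""


class MacError(Exception):
    """Distinguishable error #2 in the leaky scheme."""


class DecryptError(Exception):
    """The single error the hardened scheme ever reports."""


# --- Toy block cipher (CONSTRUCTED for this example, not a real cipher) ----
# 4-round Feistel network with HMAC-SHA256 as the round function. It is
# invertible and stdlib-only; it only exists so the CBC / padding / MAC logic
# below is runnable without third-party crypto libraries.
def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def _block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


# --- PKCS#7 padding and CBC mode -------------------------------------------
def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding bytes")
    return data[:-n]


def _cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = _block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def _cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(_block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


# --- Leaky: MAC-then-encrypt, padding checked first, distinct errors -------
def encrypt_mac_then_encrypt(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return iv + _cbc_encrypt(enc_key, iv, _pad(msg + tag))


def decrypt_leaky(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:BLOCK], blob[BLOCK:]
    data = _unpad(_cbc_decrypt(enc_key, iv, ct))      # PaddingError escapes here
    msg, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()):
        raise MacError("bad tag")                      # ...and a different one here
    return msg


# --- Hardened: encrypt-then-MAC, tag verified first, one uniform error -----
def encrypt_then_mac(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    body = iv + _cbc_encrypt(enc_key, iv, _pad(msg))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_safe(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(body) < 2 * BLOCK or len(body) % BLOCK or not hmac.compare_digest(tag, expected):
        raise DecryptError("decryption failed")        # forged input never reaches unpad
    try:
        return _unpad(_cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:]))
    except PaddingError:
        raise DecryptError("decryption failed") from None   # same error either way


# --- Probe: what does a tampering client get to observe? -------------------
def observable_errors(scheme: str) -> set:
    """Flip one bit in each byte of the ciphertext block preceding the last one
    (the position a padding oracle probes) and collect the error *types* the
    decrypting side reveals. Keys and message are constructed sample values."""
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    msg = b"attack at dawn"
    if scheme == "mac-then-encrypt":
        blob, decrypt, end = encrypt_mac_then_encrypt(enc_key, mac_key, msg), decrypt_leaky, None
    else:
        blob, decrypt, end = encrypt_then_mac(enc_key, mac_key, msg), decrypt_safe, -TAG_LEN
    end = len(blob) if end is None else len(blob) + end
    seen = set()
    for pos in range(end - 2 * BLOCK, end - BLOCK):
        tampered = bytearray(blob)
        tampered[pos] ^= 0x01
        try:
            decrypt(enc_key, mac_key, bytes(tampered))
            seen.add("ok")
        except Exception as exc:
            seen.add(type(exc).__name__)
    return seen


if __name__ == "__main__":
    print("MAC-then-encrypt reveals:", observable_errors("mac-then-encrypt"))
    print("encrypt-then-MAC reveals:", observable_errors("encrypt-then-mac"))
```

The leaky decryptor leaks two distinct outcomes for the same kind of tampering, which is the signal a padding oracle needs; the hardened one leaks one. Collapsing the two exceptions into one is necessary but not sufficient, since the padding check and the MAC check still take different amounts of time; checking the tag over the entire ciphertext first (encrypt-then-MAC) means unauthenticated data is never unpadded at all, so there is no second code path left to distinguish.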
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com