On 2010-10-01 (274), at 12:29, Brad Hill wrote:
Kevin W. Wall wrote:
isn't the pre-shared key version of W3C's XML Encrypt also going to
be vulnerable
to a padding oracle attack.
Any implementation that returns distinguishable error conditions for
invalid
padding is vulnerable, XML
On Oct 1, 2010, at 11:34 PM, Richard Outerbridge wrote:
Any implementation that returns distinguishable error conditions
for invalid padding is vulnerable...
Oh come on. This is really just a sophisticated variant of the old
never say which was wrong - login ID or password - attack. In
On 2010-10-01 3:23 PM, Chris Palmer wrote:
In my quantitative, non-hand-waving, repeated experience with many clients in
many business sectors using a wide array of web application technology
stacks, almost all web apps suffer a network and disk I/O bloat factor of 5,
10, 20, ...
Which does