On 2010-10-01 (274), at 12:29, Brad Hill wrote:
Kevin W. Wall wrote:
Isn't the pre-shared key version of W3C's XML Encrypt also going to be vulnerable to a padding oracle attack?

Any implementation that returns distinguishable error conditions for invalid padding is vulnerable, XML encryption no more or less so if used in such a manner. But XML encryption in particular seems much less likely to be used in this manner than other encryption code.

Oh come on. This is really just a sophisticated variant of the old "never say which was wrong" - login ID or password - attack. In this case it's padding or MACing. If either fails the result should be the same: something went wrong, sorry for you. The POET Oracle depends upon the server taking a shortcut and signaling which went wrong first.

--
Perfect games of Draughts always end in draws.
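The point made in the reply, that a receiver must not signal whether padding or the MAC failed, can be shown side by side in a small example. The code below is an added illustration, not part of the thread or of any XML Encryption implementation. It builds a leaky MAC-then-encrypt receiver that raises a different exception for each failure, next to a hardened encrypt-then-MAC receiver that verifies the tag first (in constant time) and reports one uniform error for anything that goes wrong. The 16-byte block cipher is a constructed SHA-256 Feistel toy standing in for AES so that the example runs on the Python standard library alone; the key, message and function names are all assumptions made here.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block width in bytes, same as AES-CBC


class PaddingError(Exception):
    """Leaky receiver: PKCS#7 padding was malformed after decryption."""


class MacError(Exception):
    """Leaky receiver: the MAC did not verify."""


class DecryptError(Exception):
    """Hardened receiver: the single error reported for any failure."""


# --- constructed toy block cipher (4-round SHA-256 Feistel), NOT a real cipher,
# --- only an invertible 16-byte permutation for CBC to sit on in this demo.
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, r, rnd)))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):  # undo the rounds in reverse order
        l, r = bytes(a ^ b for a, b in zip(r, _f(key, l, rnd))), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        cblk = data[i:i + BLOCK]
        out.append(bytes(a ^ b for a, b in zip(block_decrypt(key, cblk), prev)))
        prev = cblk
    return b"".join(out)


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding")
    return data[:-n]


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one constructed master key."""
    return (hashlib.sha256(b"enc|" + key).digest(), hashlib.sha256(b"mac|" + key).digest())


# --- leaky design: MAC-then-encrypt, padding checked before the MAC ---
def leaky_send(key: bytes, plaintext: bytes) -> bytes:
    ek, mk = _subkeys(key)
    tag = hmac.new(mk, plaintext, hashlib.sha256).digest()
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(ek, iv, pkcs7_pad(plaintext + tag))


def leaky_receive(key: bytes, msg: bytes) -> bytes:
    ek, mk = _subkeys(key)
    body = pkcs7_unpad(cbc_decrypt(ek, msg[:BLOCK], msg[BLOCK:]))  # PaddingError leaks first
    plaintext, tag = body[:-32], body[-32:]
    if tag != hmac.new(mk, plaintext, hashlib.sha256).digest():   # second, distinguishable error
        raise MacError("mac mismatch")
    return plaintext


# --- hardened design: encrypt-then-MAC, tag verified first, one error for everything ---
def hardened_send(key: bytes, plaintext: bytes) -> bytes:
    ek, mk = _subkeys(key)
    iv = os.urandom(BLOCK)
    ct = cbc_encrypt(ek, iv, pkcs7_pad(plaintext))
    return iv + ct + hmac.new(mk, iv + ct, hashlib.sha256).digest()


def hardened_receive(key: bytes, msg: bytes) -> bytes:
    ek, mk = _subkeys(key)
    if len(msg) < BLOCK + 32 or (len(msg) - BLOCK - 32) % BLOCK:
        raise DecryptError("decryption failed")
    iv, ct, tag = msg[:BLOCK], msg[BLOCK:-32], msg[-32:]
    expected = hmac.new(mk, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time, before any decryption
        raise DecryptError("decryption failed")
    try:
        return pkcs7_unpad(cbc_decrypt(ek, iv, ct))
    except PaddingError:
        raise DecryptError("decryption failed") from None  # same error either way


def error_seen(receive, key: bytes, msg: bytes) -> str:
    """Return the exception class name a receiver exposes for a given message."""
    try:
        receive(key, msg)
        return "ok"
    except Exception as exc:
        return type(exc).__name__


def tamper(msg: bytes, index: int) -> bytes:
    b = bytearray(msg)
    b[index] ^= 0x01
    return bytes(b)


def demo(key: bytes = b"constructed-demo-key") -> dict:
    pt = b"attack at dawn!!"  # constructed 16-byte message
    leaky, hard = leaky_send(key, pt), hardened_send(key, pt)
    return {
        # flip in the IV: padding survives, only the MAC fails
        "leaky_iv_flip": error_seen(leaky_receive, key, tamper(leaky, 0)),
        # flip in the last byte before the final block: padding byte becomes 0x11
        "leaky_pad_flip": error_seen(leaky_receive, key, tamper(leaky, len(leaky) - BLOCK - 1)),
        "hard_iv_flip": error_seen(hardened_receive, key, tamper(hard, 0)),
        "hard_pad_flip": error_seen(hardened_receive, key, tamper(hard, len(hard) - 32 - BLOCK - 1)),
    }
```

`demo()` shows the leaky receiver answering `MacError` for one corruption and `PaddingError` for the other, which is exactly the distinguishable signal the reply objects to, while the hardened receiver answers `DecryptError` for both. Note that checking the tag over the whole ciphertext before decrypting means malformed padding can never be reached on an authentic message, so the uniform error in the `except` branch is belt and braces rather than the main defence.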
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]