Re: padding attack vs. PKCS7

2009-06-14 Thread James Muir
travis+ml-cryptogra...@subspacefield.org wrote: http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ Towards the end of this rather offbeat blog post they describe a rather clever attack which is possible when the application provides error messages

padding attack vs. PKCS7

2009-06-12 Thread travis+ml-cryptography
http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ Towards the end of this rather offbeat blog post they describe a rather clever attack which is possible when the application provides error messages (i.e. is an error oracle) for PKCS7 padding in e.g.