Colm O hEigeartaigh created WSS-413: ---------------------------------------
Summary: EncryptedKey security issue with streaming code Key: WSS-413 URL: https://issues.apache.org/jira/browse/WSS-413 Project: WSS4J Issue Type: Improvement Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 2.0 Instead of throwing an exception when encountering a problem in processing an EncryptedKey, we should instead generate a session key and attempt to decrypt the EncryptedData structure instead (take a look at the DOM code here). This prevents timing attacks to see where the error was in processing the key versus data. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org