[145849] in cryptography@c2.net mail archive
Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 14 07:45:28 2010
Date: Tue, 14 Sep 2010 07:44:42 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com
In-Reply-To: <E1OvTTA-0005PU-OS@wintermute02.cs.auckland.ac.nz>

On Tue, 14 Sep 2010 23:14:36 +1200 Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> The earlier work is also pretty devastating against CAPTCHAs (as
> well as being a damn good read, "Sudo make me a CAPTCHA" :-). A
> great many CAPTCHAs work by using a hidden form field containing
> the encrypted solution to the CAPTCHA, which is then POSTed back to
> the server along with the client's solution (this is needed to make
> the operation stateless). If the decrypted version matches what
> the client provides, they've solved the CAPTCHA. So all an
> attacker has to do is solve one CAPTCHA manually and then replay
> the encrypted version back along with the solution as often as they
> like, you don't need to hire a Pakistani Internet cafe any more for
> your CAPTCHA-breaking. This destroys an awful lot of CAPTCHAs, and
> isn't at all easy to fix because of the requirement to keep it
> stateless.

Couldn't one simply include a timestamp in the encrypted data?
Assuming a five minute window (or what have you) would be too much,
one could also keep some state for five minutes (which is not a lot
to ask for.)

Perry
--
Perry E. Metzger perry@piermont.com
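
The timestamp-plus-short-lived-state idea from the reply above, as an added example that is not part of the original message or either poster's code. Assumptions: the class name `CaptchaTokens` is hypothetical, a keyed HMAC over the solution stands in for the encrypted hidden field so the sketch needs only the standard library, and the five-minute state is an in-memory dict.

```python
import hashlib
import hmac
import os
import time

WINDOW = 300  # seconds; the "five minute window" from the reply above


class CaptchaTokens:
    """Hypothetical helper: issues and checks single-use, time-limited tokens."""

    def __init__(self, key, clock=time.time):
        self.key = key
        self.clock = clock
        self.spent = {}  # nonce -> expiry time; the only server-side state

    def _tag(self, nonce, issued, solution):
        # The MAC binds nonce, issue time and solution, so none can be swapped.
        msg = nonce + issued.to_bytes(8, "big") + solution.strip().lower().encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, solution):
        """Return the hidden-field value for a challenge with this solution."""
        nonce, issued = os.urandom(16), int(self.clock())
        blob = nonce + issued.to_bytes(8, "big") + self._tag(nonce, issued, solution)
        return blob.hex()

    def verify(self, token, answer):
        """Return 'ok', 'malformed', 'expired', 'replayed' or 'wrong'."""
        try:
            blob = bytes.fromhex(token)
        except ValueError:
            return "malformed"
        if len(blob) != 16 + 8 + 32:
            return "malformed"
        nonce, issued, tag = blob[:16], int.from_bytes(blob[16:24], "big"), blob[24:]
        now = self.clock()
        # Forget nonces whose window has closed, so state never outlives WINDOW.
        self.spent = {n: exp for n, exp in self.spent.items() if exp > now}
        if not 0 <= now - issued < WINDOW:
            return "expired"
        if nonce in self.spent:
            return "replayed"  # same token already accepted inside its window
        if not hmac.compare_digest(tag, self._tag(nonce, issued, answer)):
            return "wrong"
        self.spent[nonce] = issued + WINDOW
        return "ok"
```

The server remembers a nonce only until the token's own timestamp would reject it anyway, so the retained state is bounded by the number of CAPTCHAs solved in any five-minute span.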