[145912] in cryptography@c2.net mail archive
Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
daemon@ATHENA.MIT.EDU (Kevin W. Wall)
Mon Sep 27 20:10:11 2010
Date: Fri, 24 Sep 2010 17:26:43 -0400
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: cryptography@metzdowd.com, tom@ritter.vg
In-Reply-To: <E1OvjHI-0008Dy-2J@wintermute02.cs.auckland.ac.nz>
Peter Gutmann wrote:
> Tom Ritter <tom@ritter.vg> writes:
>
>> What's weird is I find confusing literature about what *is* the default for
>> protecting the viewstate.
>
> I still haven't seen the paper/slides from the talk so it's a bit hard to
> comment on the specifics, but if you're using .NET's FormsAuthenticationTicket
> (for cookie-based auth, not viewstate protection) then you get MAC protection
> built-in, along with other nice features like sliding cookie expiration (the
> cookie expires relative to the last active use of the site rather than an
> absolute time after it was set). I've used it in the past as an example of
> how to do cookie-based auth right
FYI...I just received confirmation from my company's on-site consultant from
Microsoft that .NET's FormsAuthenticationTicket is also vulnerable to
this padding oracle attack. So apparently Microsoft didn't apply the MAC
protection quite right in their implementation.
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
