[145917] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

daemon@ATHENA.MIT.EDU (Thai Duong)
Tue Sep 28 07:34:07 2010

In-Reply-To: <E1Owxh8-0005Gu-Sy@wintermute02.cs.auckland.ac.nz>
Date: Tue, 28 Sep 2010 10:58:21 +0700
From: Thai Duong <thaidn@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com

On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
>>I'm one of the authors of the attack. Actually if you look closer, you'll=
 see
>>that they do it wrong in many ways.
>
> The FormsAuth as well, not just the view state? =A0Interesting, I thought=
 they
> had that one right, at least.

We promised Microsoft not to release anything before they have a
working patch. Now they have it, so we release the slide we presented
at EKOPARTY. Check it out.

http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf

-Thai.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[145917] in cryptography@c2.net mail archive

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

daemon@ATHENA.MIT.EDU (Thai Duong)Tue Sep 28 07:34:07 2010

daemon@ATHENA.MIT.EDU (Thai Duong)
Tue Sep 28 07:34:07 2010