ASP.NET and the Padding Oracle Attack: Wrap-up

added by j.monty
9/20/2010 1:00:52 PM


Based on the news that was released at the time, it appeared that this vulnerability was just an issue AES. It turns out that this was false and that that this attack works against ANY BLOCK CIPHER meaning 3DES was also vulnerable. This wrap-up links to some mitigation techniques and also discusses how to protect against padding oracle attacks using Digital Signatures.


9/20/2010 12:15:28 PM
I think it is hard to understand exactly how this works, so I appreciate the summary.

9/21/2010 4:33:34 AM
A great overview to help understand exactly what the issue is with this new exploit. I found the authors post but informative and interesting. There are also some handy links to gain more info. The author also provides a solution worthy of further research

9/25/2010 12:08:09 AM
I look forward to reading what you're planning on next, because your blog is a nice read, you're writing with passion. I am thankful for the new things I learned reading your post.