Y
Hacker News
new
|
ask
|
show
|
jobs
by
tptacek
5754 days ago
All they need is
distinguishable
errors when decrypts fail. The contents of the error are irrelevant. You can send a bare 500 with no content and still be trivially vulnerable to this attack.
1 comments
bradhe
5753 days ago
Fair enough, I guess I didn't understand the attack thoroughly.
link