by blattimwind
2258 days ago
Yeah, that's not a padding oracle, but it's similar in concept, because the prefix check after decryption will likely leak whether the app considers the ciphertext valid, à la:

    pk = decrypt(params.id)
    if pk[0:8] != EIGHT_ZEROS:
        return Http404
    id = int(pk[8:16])
    object = db.query(id)

Also stuff like this isn't really specific to using this particular construction. Even if systems are designed to return "does not exist" instead of "forbidden", it's hard to make authorization checks constant time and I've never seen code to even try that.
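An added example, not part of the comment above: the handler from the comment next to an encrypt-then-MAC variant, with database lookups counted to stand in for the work a caller could time. The XOR cipher, keys, `DB` contents, `seal`, `probe` and the eight-ASCII-zeros prefix are assumptions made for the demonstration.

```python
import hashlib
import hmac

ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"  # sample keys
EIGHT_ZEROS = b"0" * 8        # assumption: the prefix is eight ASCII zeros
DB = {42: "invoice-42"}       # constructed sample row
db_queries = []               # every lookup is logged: the work a caller can time

def xor_cipher(data):
    # Toy XOR keystream standing in for the comment's decrypt(); NOT secure.
    stream = hashlib.sha256(ENC_KEY).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def db_query(obj_id):
    db_queries.append(obj_id)
    return DB.get(obj_id)

def handler_from_comment(token):
    pk = xor_cipher(token)                  # decrypt(params.id)
    if pk[0:8] != EIGHT_ZEROS:
        return 404                          # exit A: rejected before any DB work
    obj = db_query(int(pk[8:16]))
    return 200 if obj is not None else 404  # exit B: same status, after a lookup

def seal(pk):
    # Encrypt-then-MAC: the tag covers the ciphertext.
    ct = xor_cipher(pk)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()

def handler_with_mac(token):
    ct, tag = token[:-32], token[-32:]
    expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return 404                          # modified tokens stop here, undecrypted
    obj = db_query(int(xor_cipher(ct)[8:16]))
    return 200 if obj is not None else 404

def probe(handler, token):
    # Returns (status, number of DB lookups the request caused).
    before = len(db_queries)
    return handler(token), len(db_queries) - before

if __name__ == "__main__":
    missing = b"0" * 8 + b"00000099"        # well-formed id with no row
    ct = bytearray(xor_cipher(missing))
    print("intact  :", probe(handler_from_comment, bytes(ct)))
    ct[0] ^= 1                              # one bit changed in the prefix
    print("modified:", probe(handler_from_comment, bytes(ct)))
```

With the MAC in place, the 404 for a modified token no longer depends on what the ciphertext decrypts to; the difference between a rejected tag and a lookup miss remains, which is the non-constant-time check the comment's last paragraph refers to.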