Y
Hacker News
new
|
ask
|
show
|
jobs
by
tptacek
5332 days ago
You should read their actual paper, esp. section 3.1 (last graf) and 3.2 (first 2 grafs). You've oversimplified the problem; there is a variant of the attack that doesn't require an XML signature, for instance.