by tptacek 4960 days ago
The CBC padding oracle is one such attack. There are a bunch of similar ones. They're "chosen ciphertext" attacks.

Again, even if you get this part right, there are other things that go wrong. TLS is authenticated, and it fell to two adaptive chosen plaintext attacks because of two different implementation details they messed up. And no public cryptosystem in the world has been as thoroughly tested and analyzed as TLS.


There's an entertaining article about one such attack here:

http://blog.cryptographyengineering.com/2011/10/attack-of-we...

For some mind-boggling reason, the designers of the XML Encryption standard decided to make authentication optional, so an attacker can simply avoid sending an incorrect MAC.
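Added example, not from either commenter: a Go sketch of the two designs discussed in this thread, unauthenticated CBC (whose padding check becomes a chosen-ciphertext oracle) versus CBC with a mandatory encrypt-then-MAC tag. Keys, IV and the use of HMAC-SHA256 as the MAC are constructed assumptions for the demo; the `decrypt` function's `requireTag` flag models the "authentication optional" design when false and the hardened design when true.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Constructed demo keys and IV, fixed only so the example is deterministic (never do this in production).
var encKey, macKey, demoIV = bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32), bytes.Repeat([]byte{0x33}, aes.BlockSize)

// tagFor computes HMAC-SHA256 over IV||ciphertext (encrypt-then-MAC).
func tagFor(ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// encryptCBC returns IV||ciphertext (PKCS#7 padded) plus the tag an honest sender attaches.
func encryptCBC(plaintext []byte) (ct, tag []byte) {
	block, _ := aes.NewCipher(encKey)
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct = append(append([]byte{}, demoIV...), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, demoIV).CryptBlocks(ct[aes.BlockSize:], padded)
	return ct, tagFor(ct)
}

// rawCBCDecrypt is unauthenticated CBC: its distinct "bad padding" error is the padding-oracle signal, so it must only see verified input.
func rawCBCDecrypt(ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	block, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// decrypt models both designs: requireTag=false (authentication optional) lets a message that omits the tag
// reach the unauthenticated decrypt; requireTag=true checks the mandatory tag in constant time first.
func decrypt(ct, tag []byte, requireTag bool) ([]byte, error) {
	if (requireTag || tag != nil) && !hmac.Equal(tagFor(ct), tag) {
		return nil, errors.New("authentication failed")
	}
	return rawCBCDecrypt(ct)
}
```

Flipping a single IV bit flips the corresponding plaintext bit in the first block: the optional-tag design returns the altered plaintext with no error, while the required-tag design rejects the same input before any padding is examined.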