OT: Padding Oracle Attacks
Nicholas Cole
nicholas.cole at gmail.com
Sun Sep 19 10:18:54 CEST 2010
There has been quite a lot on the net lately about Padding Oracle
Attacks, said to affect many secure web applications.
http://www.theregister.co.uk/2010/09/14/web_apps_crypto_flaw
I was interested to see that the new Diaspora Social Networking
software, which uses gpg internally (though presumably not for all
things) is also said to suffer from this sort of flaw.
I've come across two interesting descriptions of the attack:
http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/
https://media.blackhat.com/bh-eu-10/whitepapers/Duong_Rizzo/BlackHat-EU-2010-Duong-Rizzo-Padding-Oracle-wp.pdf
Am I right that this is exactly the sort of attack that the MDC in gpg
is designed to prevent?
Best wishes,
Nicholas
More information about the Gnupg-devel
mailing list