[Esapi-dev] HMAC validation bypass in ESAPI Symetric Encryption
Pierre Cardina
pcardina at yahoo.fr
Mon Dec 2 22:10:01 UTC 2013
Hi Kevin,
Do you have a tentative release date for this 2.1.1
version yet? Is there any mitigation strategy to prevent attacks on the
cipher text when the HMAC has been bypassed? For example not using CBC
for the encrypted text (to prevent padding oracle)?
Much appreciated.
P. Cardina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-dev/attachments/20131202/b5025bef/attachment.html>
More information about the Esapi-dev
mailing list