[Esapi-dev] HMAC validation bypass in ESAPI Symmetric Encryption

Kevin W. Wall kevin.w.wall at gmail.com
Tue Dec 3 16:10:06 UTC 2013

In the meantime, or actually I should say regardless, I would recommend
using CCM or GCM cipher modes rather than CBC mode.

CBC mode was picked as the default simply because it was available
out-of-the-box with SunJCE and I felt many F500 companies would be
reluctant to use Bouncy Castle as their JCE provider. However, starting with
JDK 7, SunJCE now supports both CCM and GCM. We still can't make these
defaults because ESAPI 2.1.x is aimed at JDK 6, not JDK 7, but individual
companies don't have to use the defaults. For authenticated encryption
modes (or "combined modes" as NIST calls them), there are no separately
derived keys done by ESAPI; that is all handled by the JCE provider
(hopefully in a secure manner).

As far as release date for ESAPI 2.1.1, I am hoping for end of the yr. I
still have a lot of tests to write and no one to help. Also, I spent an
hour working on stuff last night (mostly reviewing assertions and changing
them to explicit checks where it makes sense) and when I was done, realized
I was working on the wrong Eclipse project that was against the trunk
rather than my branch. Oops! So now I need to make patches to apply to my
branch or face a potential merge mess at the end. Sigh...

Sent from my Droid; please excuse typos.
On Dec 3, 2013 4:46 AM, "Renaud Dubourguais" <
renaud.dubourguais at synacktiv.com> wrote:

> I already met several vulnerable and exploitable web applications... So,
> I think that quickly releasing a version that merges the HMAC bypass fixes
> implemented in the "kww-crypto-2.1.1" branch should be a good idea.
> On 12/02/2013 11:10 PM, Pierre Cardina wrote:
> > Hi Kevin,
> >
> > Do you have a tentative release date for this 2.1.1
> > version yet? Is there any mitigation strategy to prevent attacks on the
> > cipher text when the HMAC has been bypassed? For example not using CBC
> > for the encrypted text (to prevent padding oracle)?
> >
> > Much appreciated.
> >
> > P. Cardina
> >
> --
> Renaud Dubourguais
> Security Expert - Synacktiv