[Esapi-user] [Esapi-dev] [Owasp-leaders] Crypto attack and OWASP

Kevin W. Wall kevin.w.wall at gmail.com
Sun May 2 22:11:17 EDT 2010

Jeff Williams wrote:
> IMHO this is just one more sign of a healthy security ecosystem.
> There will always be folks who think it's 37337 to release an
> unknown exploit regardless of the harm it causes. But complaining
> about it won't help.  No matter what, we need to have a measured
> response capability ready. It's entirely possible that this is an
> esoteric risk that doesn't really expose any real applications, however
> it could also be critical. At this point we don't know. I'm looking
> forward to evaluating the alleged flaw, whatever it might be.

Been researching Padding Oracle Attacks a bit. Looks like we are presently
doing one thing right and (at least) one thing wrong. We are using a
"combined" mode or the have the ability of using an HMAC-SHA1 to ensure
the authenticity. At least one thing that we are doing wrong is providing
two _different_ end user errors for the cases of where attempting the
decryption failed vs. when the decryption succeeded but the authenticity
check failed. That is easy to correct, especially since we have two separate
errors, one that is logged on the server and one that is returned to the
end user / application.

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

More information about the Esapi-user mailing list