On 2010-09-28 1:58 PM, Thai Duong wrote:
On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
<pgut...@cs.auckland.ac.nz> wrote:
I'm one of the authors of the attack. Actually if you look closer, you'll see
that they do it wrong in many ways.
The FormsAuth as well, not just the view state? �Interesting, I thought they
had that one right, at least.
We promised Microsoft not to release anything before they have a
working patch. Now they have it, so we release the slide we presented
at EKOPARTY. Check it out.
http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf
Now I understand why one should, counterintuitively, encrypt then MAC.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
