Tag Archives: padding

IEEE P1735 漏洞,又是 Padding Oracle Attack...

在「IEEE P1735 Encryption Is Broken—Flaws Allow Intellectual Property Theft」這邊看到 US-CERT 發表的「IEEE P1735 implementations may have weak cryptographic protections」,裡面提到的主要漏洞: The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. … Continue reading

Posted in Computer, Murmuring, Network, Privacy, Programming, Security|Tagged , , , , , , , , , , , , , , |Leave a comment

SSL/TLS 的問題...

這篇與「對稱式加密系統的爆炸歷史 (Authenticated encryption 的問題)」這篇相關,建議可以一起看一看。 TLS (Transport Layer Security),前身是 SSL (Secure Sockets Layer),是目前 HTTPS 所使用的加密協議。發展的順序上是 SSLv2、SSLv3、TLSv1、TLSv1.1、TLSv1.2。 然後有兩篇文章可以看: Padding oracle attacks: in depth Attack of the week: TLS timing oracles 第一篇文章講 Padding oracle attack,第二篇文章是酸 SSL/TLS 的修正愈修愈歪... XD 像 AES 這類的 block cipher … Continue reading

Posted in Computer, Murmuring, Network, Security|Tagged , , , , , , , , |Leave a comment