Friday, January 15, 2016

[FD] CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers

Hi Full Disclosure Readers,

Let's jump right into the vulnerability:

In May of last year, I reported to CryptoGuard that their cryptography wasn't guarding against chosen-ciphertext attacks, which is the sort of oversight that would allow me to intercept a ciphertext message then keep feeding it back into the decryption process with slight alterations until I recovered the plaintext.

http://ift.tt/1YRG6Vq

And then several months passed, and I forgot it even existed. I got a notification last night that they closed the issue, and eagerly tagged a v1.0.0 release. So I looked again a bit more carefully and I discovered that they were using their IV as an HMAC key.

http://ift.tt/1SmY3dD

Experienced infosec folks are probably expecting me to say, "Don't roll your own crypto." And they're half right. You probably shouldn't write your own crypto code, be it for encrypting text, storing passwords, or storing all of your session state in a cookie (shudder).

But I've come to realize that telling programmers not to write crypto is like telling teenagers to practice abstinence. Instead, I implore you to follow the advice of Taylor Hornby (Defuse Security, Crackstation, CryptoFails, etc.):

http://ift.tt/1ACyqul

Crypto Amateurs: Write Crypto Code! Don't Publish It!

Source: Gmail -> IFTTT-> Blogger
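
Why an IV makes a poor HMAC key, as an added PHP example that is not part of the original message and is not CryptoGuard's code: the IV is sent in the clear, so a tag keyed with it can be recomputed by anyone, and the IV-keyed check accepts an altered message that the encrypt-then-MAC check rejects. The `IV || ciphertext || tag` layout, the function names and the AES-256-CTR choice are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not CryptoGuard's code. Assumed layout: IV || ciphertext || tag.
const IV_LEN = 16;
const TAG_LEN = 32;

// Weak check: the HMAC key is the IV, which is sent in the clear with the message.
function verifyIvKeyed(string $msg): bool {
    $iv  = substr($msg, 0, IV_LEN);
    $ct  = substr($msg, IV_LEN, -TAG_LEN);
    $tag = substr($msg, -TAG_LEN);
    return hash_equals(hash_hmac('sha256', $ct, $iv, true), $tag);
}

// Encrypt-then-MAC: a secret MAC key, separate from the encryption key, covers IV and ciphertext.
function sealEtM(string $plain, string $encKey, string $macKey): string {
    $iv = random_bytes(IV_LEN);
    $ct = openssl_encrypt($plain, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

function openEtM(string $msg, string $encKey, string $macKey): ?string {
    if (strlen($msg) < IV_LEN + TAG_LEN) {
        return null;
    }
    $body = substr($msg, 0, -TAG_LEN);
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), substr($msg, -TAG_LEN))) {
        return null; // reject before any decryption takes place
    }
    $iv = substr($body, 0, IV_LEN);
    $pt = openssl_decrypt(substr($body, IV_LEN), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Constructed sample data.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$iv = random_bytes(IV_LEN);
$ct = openssl_encrypt('amount=10', 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);

// A party holding no key changes one ciphertext byte and recomputes the tag from the visible IV.
$ct[0] = chr(ord($ct[0]) ^ 1);
$altered = $iv . $ct . hash_hmac('sha256', $ct, $iv, true);
var_dump(verifyIvKeyed($altered));
// The same one-byte change against the encrypt-then-MAC message.
$good = sealEtM('amount=10', $encKey, $macKey);
$bad = $good;
$bad[IV_LEN] = chr(ord($bad[IV_LEN]) ^ 1);
var_dump(openEtM($good, $encKey, $macKey), openEtM($bad, $encKey, $macKey));
```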
