

Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)


Hello, 

On 21 Oct 2011, at 16:11, Cantor, Scott wrote:
>> opening etc. The error messages returned to the MITM are meaningful, so
>> that the MITM can guess with high probability to have produced a
>> well-formed ciphertext (w.r.t. their definition of ``well formed''ness).
> 
> Unfortunately it's not just error messages (that's easy to prevent), it's
> also a timing attack.
> 

Yes, that's true. But these attacks are really hard to prevent, AFAIK.
Most of the attacks on crypto systems based on oracles suffer
from timing problems. Do you think that the paper from Bochum is suggesting
timing attacks of another kind?

> Maybe for web services, but that's not a SAML problem.


Yes, that's true. It's a problem of WS-Security, when it is carrying the SAML
assertion. 

--
Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna
Austria/Europe

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


