Re: block encryption algorithm padding

----- Original Message -----
From: Aleksey Sanin

> Thanks for your suggestion but the problem arrives when you are decrypting
> the message and not when you are encrypting it (the libraries do padding
> check before returning the result).

Then you should be using a different encryption engine. Since the three
libraries you listed obviously don't suit the needs of the situation, they
are not and should not be considered useful. This will make implementation
more difficult, but difficulty is no reason to sacrifice a multitude of
benefits.

> As I said before, from my point of view the current proposed padding makes
> XML Enc non-interop with RFC1423 and from my experience it makes it
> harder to follow the XML Enc standard for implementors.

RFCs are called "Request for Comment" for a reason, they are not absolute
standards. That RFC 1423 doesn't fit any purpose here, and only serves to
place limits on the security, serves as clear evidence that it would not be
an optimal choice. The padding verification is useless in a proper design, I
showed one simple attack against a cipher in CBC mode, what I didn't show is
that it is accepted policy to use a MAC algorithm to certify the integrity
of a message, making the padding completely useless as a verifier of
integrity.
                Joe

Received on Thursday, 11 April 2002 18:14:35 UTC
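Added illustration of the point argued in the message above (this is editorial example code, not code from the thread, from Joe, or from any XML Encryption implementation): AES in CBC mode with RFC 1423 / PKCS#5 style padding, a receiver that relies on the padding check, the CBC malleability attack that rewrites the first plaintext block by XORing into the IV without disturbing the padding, and an encrypt-then-MAC receiver (HMAC-SHA256 over IV and ciphertext) that rejects the same forgery. The keys, the IV-prefixed ciphertext layout and the sample "PAY ..." message are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var encKey = []byte("0123456789abcdef0123456789abcdef") // constructed demo key, 32 bytes: AES-256
var macKey = []byte("demo-mac-key-demo-mac-key-0000!!") // constructed demo key; derive real keys with a KDF
var aesBlock, _ = aes.NewCipher(encKey)                  // key length above is valid, so no error is possible

const bs = aes.BlockSize

// padRFC1423 appends n bytes of value n, 1 <= n <= bs (the RFC 1423 / PKCS#5 rule).
func padRFC1423(msg []byte) []byte {
	n := bs - len(msg)%bs
	return append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpadRFC1423 is the strict check libraries run on decryption: every pad byte must equal the pad length.
func unpadRFC1423(pt []byte) ([]byte, error) {
	if len(pt) == 0 || len(pt)%bs != 0 {
		return nil, errors.New("bad plaintext length")
	}
	n := int(pt[len(pt)-1])
	if n == 0 || n > bs || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// encryptCBC returns IV || AES-CBC(pad(msg)) under a fresh random IV.
func encryptCBC(msg []byte) []byte {
	pt := padRFC1423(msg)
	out := make([]byte, bs+len(pt))
	rand.Read(out[:bs]) // crypto/rand.Read does not return an error on Go 1.24+
	cipher.NewCBCEncrypter(aesBlock, out[:bs]).CryptBlocks(out[bs:], pt)
	return out
}

// decryptCBC is the receiver that relies on the padding check alone.
func decryptCBC(ct []byte) ([]byte, error) {
	if len(ct) < 2*bs || len(ct)%bs != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(ct)-bs)
	cipher.NewCBCDecrypter(aesBlock, ct[:bs]).CryptBlocks(pt, ct[bs:])
	return unpadRFC1423(pt)
}

// forgeFirstBlock: plaintext block 0 is D(C0) XOR IV, so XORing old^new into the IV
// rewrites block 0 while every later block, padding included, decrypts unchanged. No key needed.
func forgeFirstBlock(ct, oldPlain, newPlain []byte) []byte {
	out := append([]byte{}, ct...)
	for i := range oldPlain {
		out[i] ^= oldPlain[i] ^ newPlain[i]
	}
	return out
}

// sealMsg is encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext, appended to it.
func sealMsg(msg []byte) []byte {
	ct := encryptCBC(msg)
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(ct)
}

// openSealed checks the tag in constant time before the cipher or the padding check sees any data.
func openSealed(sealed []byte) ([]byte, error) {
	if len(sealed) < sha256.Size {
		return nil, errors.New("message too short")
	}
	ct, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	if !hmac.Equal(m.Sum(nil), tag) {
		return nil, errors.New("MAC mismatch: message was modified")
	}
	return decryptCBC(ct)
}

func main() {
	msg := []byte("PAY 0000000100 TO ALICE FROM BOB") // constructed 32-byte message
	orig, want := []byte("PAY 0000000100 T"), []byte("PAY 0000009900 T")
	pt, err := decryptCBC(forgeFirstBlock(encryptCBC(msg), orig, want))
	fmt.Printf("padding-only receiver: %q err=%v\n", pt, err)
	sealed := sealMsg(msg)
	n := len(sealed) - sha256.Size
	_, err = openSealed(append(forgeFirstBlock(sealed[:n], orig, want), sealed[n:]...))
	fmt.Println("MAC receiver:", err)
}
```

The padding-only receiver returns "PAY 0000009900 TO ALICE FROM BOB" with no error, because the padding block was never touched. A flip in any ciphertext block other than the IV garbles that block and shifts the next one, and only a flip that happens to land in the pad block trips the check, which is the sense in which the padding is not an integrity mechanism. The MAC receiver rejects the same forgery before decrypting, and because the tag covers the IV as well as the ciphertext, the IV trick is closed too.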