@BRIAN_____ How would you know the padding length without reading the last byte?
@mik235 @BRIAN_____ You would read the last byte and ignore the values of the other padding bytes, which would be bad and is what SSLv3 does
@marshray @BRIAN_____ maybe I'm missing something, but isn't there a padding oracle either way?
@marshray @BRIAN_____ the MAC should've been the last bytes, with padding covered. (Or just use EtM mode and stop being stupid)
@mik235 @BRIAN_____ Yes but when the other padding bytes aren't verified the attacker only has to guess 1 byte at a time. Easier to exploit.
@marshray @BRIAN_____ can't you just align the other way?
@mik235 @BRIAN_____ The one required byte is always the last byte of the last block in the record. But maybe you see something I don't
@marshray @BRIAN_____ Why is the max 255? How does this interact with fragmentation?
@ivanristic @BRIAN_____ is that why i see recommendations to turn off tlsv1 too?
@BRIAN_____ @BrendanEich A MUST requirement to validate payload_length https://tools.ietf.org/html/rfc6520#section-4 … wasn't enough to stop heartbleed.