
Then you should gently persuade them away from JavaServer Faces and Rails too. The same vulnerability exists in both.



No, Rails encrypts then signs, which means it verifies HMAC before it CBC-decrypts the message. It isn't vulnerable to this attack. What led you to say that it was?

JSF was vulnerable to this attack; Thai and Juliano, the researchers that other HN users are trashing on this thread, also found that flaw. I have to assume it's been fixed by now.


What led you to say that it was?

Section 5.1 of this whitepaper[1] by Rizzo and Duong, that lists Ruby on Rails as one of the web frameworks vulnerable to this attack.

Granted, this paper was published in May, and I'm not a Rails guy, so it's quite possible this has been patched as well.

[1] http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf


Their comment about MessageEncryptor is accurate, but I don't believe the bare #encrypt (which could create a vulnerability if exceptions weren't laundered) is used anywhere. Rails sessions are encrypted and then HMAC'd. This pattern isn't susceptible to padding side channels.
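An added illustration of the distinction the thread is drawing; this is not code from Rails, from MessageEncryptor, or from the Rizzo/Duong paper. A toy encrypt-then-HMAC wrapper verifies the tag (constant-time) before any CBC decryption, so tampering yields one uniform error. Beside it, the bare decrypt path exposes OpenSSL's padding exception, and that single bit is enough for the standard padding-oracle query loop to recover the last byte of any plaintext block. The keys and the session string are constructed for the demo.

```ruby
require 'openssl'

BLOCK = 16

# Constructed demo keys (not Rails'); a real deployment derives separate
# encryption and MAC keys from its secret.
ENC_KEY = '0123456789abcdef'.b   # 16 bytes for AES-128
MAC_KEY = 'fedcba9876543210'.b

class InvalidMessage < StandardError; end

def cbc_encrypt(enc_key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-128-cbc').encrypt
  cipher.key = enc_key
  iv = cipher.random_iv
  [iv, cipher.update(plaintext) + cipher.final]
end

# Bare CBC decryption. OpenSSL raises CipherError when the PKCS#7 padding
# does not check out; letting a caller observe that exception is the oracle.
def cbc_decrypt(enc_key, iv, ct)
  cipher = OpenSSL::Cipher.new('aes-128-cbc').decrypt
  cipher.key = enc_key
  cipher.iv = iv
  cipher.update(ct) + cipher.final
end

# Compare without an early exit on the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Encrypt-then-MAC: the HMAC covers IV || ciphertext, so a modified message
# is rejected before a single block is decrypted.
def encrypt_then_mac(enc_key, mac_key, plaintext)
  iv, ct = cbc_encrypt(enc_key, plaintext)
  iv + ct + OpenSSL::HMAC.digest('SHA256', mac_key, iv + ct)
end

def verify_and_decrypt(enc_key, mac_key, blob)
  raise InvalidMessage if blob.bytesize < BLOCK + 32
  body, tag = blob[0...-32], blob[-32..-1]
  expected = OpenSSL::HMAC.digest('SHA256', mac_key, body)
  raise InvalidMessage unless constant_time_equal?(expected, tag)
  cbc_decrypt(enc_key, body[0, BLOCK], body[BLOCK..-1])
end

# What an unauthenticated decrypt endpoint leaks: valid padding or not.
def padding_valid?(enc_key, iv, ct)
  cbc_decrypt(enc_key, iv, ct)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

def padding_oracle(enc_key)
  ->(iv, ct) { padding_valid?(enc_key, iv, ct) }
end

# Recover the last plaintext byte of plaintext block `target` (0-based) using
# only the oracle: hand it the target ciphertext block with a forged chaining
# block and find the forgery that produces a valid one-byte padding.
def recover_last_byte(oracle, iv, ct, target)
  blocks = (iv + ct).bytes.each_slice(BLOCK).to_a
  prev, cblock = blocks[target], blocks[target + 1].pack('C*')
  (0..255).each do |guess|
    forged = prev.dup
    forged[BLOCK - 1] ^= guess ^ 0x01   # valid 0x01 padding iff guess == P[15]
    # Two different changes to byte 14 rule out an accidental 0x02 0x02 (or
    # longer) padding: only a single 0x01 is unaffected by byte 14.
    hit = [0x01, 0x02].all? do |bump|
      probe = forged.dup
      probe[BLOCK - 2] ^= bump
      oracle.call(probe.pack('C*'), cblock)
    end
    return guess if hit
  end
  nil
end

def demo
  plaintext = 'user_id=42&role=admin'.b   # constructed sample session payload
  blob = encrypt_then_mac(ENC_KEY, MAC_KEY, plaintext)
  roundtrip = verify_and_decrypt(ENC_KEY, MAC_KEY, blob)

  # Flip a bit of the last ciphertext byte: the MAC check fails first, so the
  # padding code never runs and nothing about the padding can leak.
  tampered = blob.dup
  idx = blob.bytesize - 33
  tampered.setbyte(idx, tampered.getbyte(idx) ^ 0x80)
  tamper_rejected = begin
    verify_and_decrypt(ENC_KEY, MAC_KEY, tampered)
    false
  rescue InvalidMessage
    true
  end

  # Against the bare decryptor, the same ciphertext gives up plaintext bytes.
  iv, ct = blob[0, BLOCK], blob[BLOCK...-32]
  recovered = recover_last_byte(padding_oracle(ENC_KEY), iv, ct, 0)
  { roundtrip: roundtrip, tamper_rejected: tamper_rejected, recovered_byte: recovered }
end

p demo if __FILE__ == $0
```

The recovered byte is the `=` that ends the first 16-byte block of the sample payload; repeating the loop over the remaining bytes and blocks is the attack the paper describes, and the only thing stopping it here is that the authenticated path never reaches the padding check on a forged message.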



