Comment 5 for bug 1175367

Guang Yee (guang-yee) wrote : Re: Memcache encryption middleware improperly implemented

Yes, we should absolutely get rid of the marker checking logic. Error out if we can't verify or decrypt data.

An attacker who has access to memcache can corrupt data. I don't think adding a signature before encryption can prevent that.

If an attacker managed to get hold of the encryption key, the signing key is likely compromised as well.

I would think the benefit of adding a signature prior to encryption is to guard against a brute force attack on the decryption.
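The fail-closed behaviour this comment asks for, as an added example that is not part of the comment or of the middleware's own code: it contrasts a reader that skips verification when a marker is absent with one that errors out on anything it cannot verify. The marker string, function names and sample values are hypothetical, the marker reader's fallback is an assumption about what "marker checking" means here, and only the integrity check is shown (encryption is omitted).

```python
import hashlib
import hmac

MARKER = b"{MAC:SHA256}"  # hypothetical marker prefix, not taken from the bug report
TAG_LEN = hashlib.sha256().digest_size


class InvalidCacheData(Exception):
    """Raised when a cached value cannot be verified."""


def protect(key: bytes, payload: bytes) -> bytes:
    """Prefix the payload with an HMAC-SHA256 tag before it is stored."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def unprotect_with_marker(key: bytes, raw: bytes) -> bytes:
    """Marker-style reader (assumed behaviour): verify only when the marker is present."""
    if not raw.startswith(MARKER):
        return raw  # unmarked value is trusted as-is, so a cache writer picks the mode
    return unprotect(key, raw[len(MARKER):])


def unprotect(key: bytes, raw: bytes) -> bytes:
    """Fail-closed reader: every value must carry a valid tag, otherwise error out."""
    if len(raw) < TAG_LEN:
        raise InvalidCacheData("value too short to carry a MAC")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise InvalidCacheData("MAC verification failed")
    return payload


def is_accepted(reader, key: bytes, raw: bytes) -> bool:
    """Report whether a reader accepts a raw cache value."""
    try:
        reader(key, raw)
        return True
    except InvalidCacheData:
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample key
    forged = b'{"user": "admin"}'      # constructed value written without the key
    print("marker reader accepts forged:", is_accepted(unprotect_with_marker, key, forged))
    print("strict reader accepts forged:", is_accepted(unprotect, key, forged))
```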