Comment 7 for bug 1175367
Revision history for this message
| Guang Yee (guang-yee) wrote Re: Memcache encryption middleware improperly implemented | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
> The difference is that adding a signature before encryption means we reject the corrupted data as invalid, rather than accepting it
and potentially serving attack data to the user. Remember that an attacker can modify the output of the decryption even if they can't read the encrypted data. As currently written, the client will trust that modified data.
Can you please elaborate? How does attacker "modify the output of the decryption"? If attacker don't have to right decryption key, the decrypted output will be garbage and won't be interpreted as token data.