2011-10-24

Researchers crack XML Encryption

German researchers have demonstrated a technique for breaking the encryption widely used to secure data in online transactions, which they say “poses a serious and truly practical security threat on all currently used implementations of XML Encryption.”

The attack is able to recover 160 bytes of plain-text message in 10 seconds and decrypt larger amounts of data at the same pace, the researchers said.

Although the attack, described in a paper delivered last week at the ACM Conference on Computer and Communications Security in Chicago, was directed against the XML Encryption standard, it exploits weaknesses in the cipher-block chaining (CBC) mode of operation that is commonly used with many cryptographic algorithms. This makes it likely it could be used against non-XML implementations as well.

Source: XML Encryption cracked, exposing real threat to online transactions

No comments: