AES

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

9/15/2010 1:21:38 PM
Total Posts 116
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

AES

Are you aware of this breaking issue with the AES encryption used for the machine key of ASP.net by default? It seems the key can be remotely calculated (!!!):

http://twitter.com/Zoomicon/status/24592282729

9/15/2010 1:36:46 PM
Total Posts 18439

Re: AES

Hi George,

No, I wasn't aware of the article:

http://visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspx

It is interesting but the article says they use error details returned on the failed requests after modifying the cookie to decipher the machine key.

I think the problem is mitigated by the fact that by default no error message is returned from the server because we have

<customErrors mode="RemoteOnly" which means that error details are not returned unless the request is using localhost.

So, the only people who are vulnerable are those who have turned off the friendly error page and left the error details enabled with this setting:

<customErrors mode="Off"

With the correct settings they cannot get any error details from the server, so I'm not overly alarmed, but I would urge people to check the <customErrors> configuration in Web.config and make sure it is set to RemoteOnly or On.

Best,

Joe

9/16/2010 2:48:43 AM
Total Posts 116
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: AES

1) The article says AES has a design flaw (the POET tool [not just for ASP.net] is supposed to crack it) and that 3DES should be used instead.

2) I think the POET tool (the version for ASP.net isn't available yet but will be after that conference, it says) doesn't parse custom errors - it wouldn't get any useful info there after all to predict the key. If you read the article, it corrupts the viewstate with their own data, probably making ASP.net decrypt it again and again (and report back on failed decryption) till they predict the AES key.

So it sounds like a critical issue to me.

9/18/2010 8:10:18 AM
Total Posts 18439

Re: AES

The information about this is out now, I have updated my blog post this morning with additional info about this.

http://www.mojoportal.com/mojoportal-2352-released.aspx

Best,

Joe

10/6/2010 9:12:35 AM
Total Posts 116
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: AES

Just for completeness' sake for other readers, it was an issue with the PKCS7 (if I remember the name) crypto header (affecting both AES and 3DES etc. encryption methods).

Microsoft's initial workaround was to suggest using the same custom error page for all errors and that the code in it contain a random delay, so as not to allow the attacker to judge from the time it took for the server to reply which exception caused the error page.

The fix now rolled out via Windows Update is that HMAC signing and validation is used by default (you can turn it off but that is not suggested), so the workaround isn't needed anymore.
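
Added example, not part of the original thread or of mojoPortal's code: a Python check of a Web.config for the two configuration points raised in the posts above, that customErrors is not set to "Off" and that all errors share one error page. The sample Web.config fragments and the page names in them are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config fragments (page names are hypothetical).
WEAK = '<configuration><system.web><customErrors mode="Off" /></system.web></configuration>'
MIXED = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx">
      <error statusCode="404" redirect="~/NotFound.aspx" />
    </customErrors>
  </system.web>
</configuration>"""
HARDENED = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/Error.aspx" />
</system.web></configuration>"""


def local_name(element):
    """Tag name without an XML namespace prefix such as {uri}customErrors."""
    return element.tag.rsplit("}", 1)[-1]


def audit_custom_errors(web_config_xml):
    """Return a list of findings for every <customErrors> element in the file."""
    root = ET.fromstring(web_config_xml)
    # iter() walks the whole tree, so <location> overrides are checked too.
    sections = [e for e in root.iter() if local_name(e) == "customErrors"]
    if not sections:
        return ["no <customErrors> element: no shared error page is configured"]
    findings = []
    for section in sections:
        mode = section.get("mode", "RemoteOnly")  # ASP.NET default when omitted
        redirect = section.get("defaultRedirect")
        if mode.lower() == "off":
            findings.append('mode="Off" returns error details to remote clients')
        if not redirect:
            findings.append("no defaultRedirect: errors do not share one page")
        for child in section:
            target = child.get("redirect")
            if local_name(child) == "error" and target != redirect:
                findings.append("status %s has its own page %s"
                                % (child.get("statusCode"), target))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("WEAK", WEAK), ("MIXED", MIXED), ("HARDENED", HARDENED)):
        print(name, audit_custom_errors(xml_text) or "ok")
```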
