It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Researchers crack W3C encryption standard for XML

page: 1
2

log in

join
share:

posted on Oct, 23 2011 @ 04:02 PM
link   
arstechnica.com article source link


There's new reason to be leery about relying on Web-based services to handle sensitive data. A pair of German researchers revealed at the ACM Conference on Computer and Communications Security in Chicago this week that they have discovered a way to decrypt data within XML documents that have been encrypted using an implementation of the World Wide Web Consortium's XML Encryption standard.


(PDF) Research Paper Resource: How to break XML encryption

I have read the article and the potential is pretty alarming. This will need to be fixed quickly and the research paper indicates some strategies for such a fix so perhaps no need to panic just yet. I am still studying the paper and would like to hear others take on how this vulnerability can effect e-commerce and online privacy in transactions on the popular XML language format. Much of server side and server to server encryption now takes place in XML pages. Certainly all admins need to be aware of this exploit and begin to close these holes in the system of encryption.



posted on Oct, 24 2011 @ 03:44 AM
link   
I wouldn't imagine this would be all that big of a problem -if- you are running proper network security protocols.

The real factor is the encryption of your network - which is getting up there with 128-bit AES2 Block Cypher encryption. That's a tough nut to crack. Until you can plug that into a computer and chug out a key in a useful amount of time (less than several months with the most powerful supercomputing networks available) - there's really no risk of someone snatching your file from network communications or from encrypted hard-drives or encrypted databases.

That's a "layer" of encryption.

This is encryption that is placed on the file. It is, really, only going to affect people who use more open sharing programs to distribute their XMLs. Let's say I create a new spreadsheet for a company that does a lot of distributed work, and we have a 'drop box' that we all use on a site. However, I don't want those damned marketing people messing around with it - so I encrypt it and assign a pass-key for it.

One of those marketing people does attempt to download it, and has a trojan on their computer that mirrors a copy of the network traffic to some bot-net used for mining IDs. This is a clever marketing guy (despite the virus), and he has a program that can lift the key from the XML file and open it, despite my efforts to keep other departments out of the file (even though this would normally be established by permissions - we'll assume my newtork admin is the status quo and simply retarded).

The hackers on the botnet, though, are not going to be able to crack the 128-bit block-cypher encryption on the network traffic that was mirrored to them by their trojan program. They can't tell if the marketing guy downloaded a document or started streaming more porn.

Is that making sense?



new topics
     
    2

    log in

    join