[Top] [All Lists]

Re: [smime] Message takeover attacks against S/MIME

2016-01-28 09:03:48
If I'm reading this right, the attack converts a signed-then-encrypted message 
into encrypted-then-signed by exploiting the use of CBC mode.  The attacker 
deletes, moves, or alters encrypted message blocks (excepting blocks with pad 
bits) such that most of the message still decrypts into readable text but the 
inner signature breaks.  Then he applies his own outer signature.  

Because the S/MIME spec requires clients to accept both types of messages and 
parsing of structures is lax, the recipient will accept the altered message.  
If the recipient replies, he often will include the original message content as 
a quoted section, and confidentiality is lost.

OpenPGP forbids encrypt-then-sign (no format for it), so it's not vulnerable.

-- T

smime mailing list