ID: IRCNE2011101296
Date: 2011-10-24
According to "computerworld", A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say.
XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC mode.
According to Jrg Schwenk who teaches of Electrical Engineering and Information Technology at RUB, all data encryption algorithms recommended in the XML Encryption standard are affected by this attack.
More recently, the researchers demonstrated a separate attack against SSL/TLS (Secure Sockets Layer/Transfer Layer Security) implementations that use CBC mode, much like this one.
"All of these algorithms are vulnerable to the attacks since they use the CBC mode. So all implementations of the standard should be affected," Schwenk said, referring to the XML Encryption recommendations.
The researchers claim that there is no simple fix for the problem and the standard needs to be changed.
- 2