Topic: Bit-flipping attack mitigation in MultiBit HD (Read 781 times)

legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
https://multibit.org/blog/2015/07/25/bit-flipping-attack.html

(edit)
Here's a summary for developers:
AES encryption in CBC mode with known plain text format is open to manipulation by a malicious man-in-the-middle. If you're a developer sending AES messages around (even over HTTPS), make sure you include a MAC to ensure no manipulation has taken place in transit.

That was a really interesting blog post, thanks for the link. I don't use Multibit HD but I appreciate the insight on the interaction of AES and HTTPS.
legendary
Activity: 1708
Merit: 1066
https://multibit.org/blog/2015/07/25/bit-flipping-attack.html

(edit)
Here's a summary for developers:
AES encryption in CBC mode with known plain text format is open to manipulation by a malicious man-in-the-middle. If you're a developer sending AES messages around (even over HTTPS), make sure you include a MAC to ensure no manipulation has taken place in transit.
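The point of the summary above, as an added example that is not part of the original posts or of MultiBit HD's code: in CBC, a one-bit change to the IV changes the same bit of the first decrypted block, and an HMAC over IV and ciphertext (encrypt-then-MAC) rejects the modified message. Assumptions: a toy Feistel permutation stands in for AES so that only the standard library is needed, and the keys, message and function names are constructed for illustration.

```python
import hashlib, hmac, os
BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _block(key, blk, decrypt=False):
    # Assumption: 4-round Feistel permutation as a stdlib-only stand-in for AES.
    a, b = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        a, b = (_xor(b, _f(key, i, a)), a) if decrypt else (b, _xor(a, _f(key, i, b)))
    return a + b

def cbc_encrypt(key, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    data, prev = plaintext + bytes([pad]) * pad, os.urandom(BLOCK)
    out = [prev]  # the IV travels as the first block
    for i in range(0, len(data), BLOCK):
        prev = _block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, blob):
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    data = b"".join(_xor(_block(key, c, True), p) for p, c in zip(blocks, blocks[1:]))
    return data[:-data[-1]]

def seal(enc_key, mac_key, plaintext):
    blob = cbc_encrypt(enc_key, plaintext)  # encrypt-then-MAC: tag covers IV + ciphertext
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, sealed):
    blob, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, blob, hashlib.sha256).digest()):
        raise ValueError("MAC mismatch: message was modified in transit")
    return cbc_decrypt(enc_key, blob)

def tamper(blob, index, mask):  # models an in-transit change to one byte
    return blob[:index] + bytes([blob[index] ^ mask]) + blob[index + 1:]

def demo():
    ek, mk, msg = os.urandom(32), os.urandom(32), b"amount=100;to=alice-address"  # constructed
    unauthenticated = cbc_decrypt(ek, tamper(cbc_encrypt(ek, msg), 7, 0x08))
    try:
        open_sealed(ek, mk, tamper(seal(ek, mk, msg), 7, 0x08))
    except ValueError as err:
        return unauthenticated, str(err)
```

Without the tag the receiver decrypts a well-formed but altered message; with it, the MAC is verified before any decryption happens, using a key separate from the encryption key.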