Hi Kurt > I think not returning which error occurred is actually intentional, since you might > leak that information and turn it into a padding oracle.
> But I'll check what the others thinks Thanks for the feedback. I have thought of the padding oracle attack, but since all others errors have a distinct return code, having no return code would be close to having the proper return code, since it can happen in only this case. Well at least that's my understanding, and since i'm not a crypto guy I'm really interested in the answer from the real experts :) Kind regards, -- William http://www.wbonnet.net http://france.debian.net Association Debian France http://www.opencsw.org Community SoftWare for Solaris -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
