Daemonic Dispatches - Latest Comments in AWS signature version 1 is insecure

Re: AWS signature version 1 is insecure

Mohammed Ali — Mon, 08 Nov 2010 17:00:01 -0000

very interesting article .. Thank you.

Re: AWS signature version 1 is insecure

guest — Fri, 29 May 2009 12:17:06 -0000

Besides using SSL - I thought amazon(like google) had timestamp added as part of request - and hence it could be mis-used only in the next 15 minutes.(assuming in the
rare case - someone got hold of the request)
http://docs.amazonwebservic...
Its better or easier to use then client side certs anyway.(and as secure as it is if the "request" is changing)

Re: AWS signature version 1 is insecure

cperciva — Tue, 17 Feb 2009 05:57:33 -0000

I don't think that's ever specified; but there are no AWS requests for which it's valid to specify the same parameter twice.

Re: AWS signature version 1 is insecure

Chris — Sun, 15 Feb 2009 14:00:02 -0000

What about multiple keys? How do they sort foo=bar&foo=blaggy ?

Re: AWS signature version 1 is insecure

Dan_Mayer — Thu, 18 Dec 2008 13:45:37 -0000

Very cool good find, I will be checking to make sure all our endpoints are https

Re: AWS signature version 1 is insecure

curi — Thu, 18 Dec 2008 03:39:44 -0000

Thanks for posting this!

Re: AWS signature version 1 is insecure

Francis — Thu, 18 Dec 2008 03:27:41 -0000

It's very nice to see both act reasonably and rationally in action. It's the kind of situation that should be held as an example. =)