Is CSRF token encryption protected against a BREACH attack?

The OWASP Encrypted Token Pattern is a CSRF protection solution where the value of the token is a function of time. Does this mean that the Encrypted Token Pattern has built-in BREACH attack protection?

+4
1 answer

As a rule, no, since in most implementations the token is generated only once for authentication (i.e. when someone logs in to the system). In general, it is recommended that you only generate the CSRF token once per session.

, CSRF BREACH, . , , .

, BREACH, .

. , , HTTP-, referer , . HTTP- HTTPS-, .

+3
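As an added example (not part of the original answer), the sketch below contrasts a token that is fixed for the session, which is rendered byte-for-byte identically in every response, with per-response masking of that same secret. The masking scheme (XOR with a fresh random pad) is a mitigation assumed here, not one described on the page, and all function names and the 32-byte length are hypothetical.

```python
import base64
import hmac
import secrets
from typing import Optional

TOKEN_BYTES = 32  # assumed secret length for this sketch


def new_session_token() -> bytes:
    """Secret generated once at login, as the answer describes."""
    return secrets.token_bytes(TOKEN_BYTES)


def render_static(session_token: bytes) -> str:
    """Same bytes in every response body: a stable secret next to
    reflected input, which is the condition BREACH relies on."""
    return base64.urlsafe_b64encode(session_token).decode("ascii")


def mask_token(session_token: bytes) -> str:
    """Fresh encoding of the same secret for one response body."""
    pad = secrets.token_bytes(len(session_token))
    masked = bytes(p ^ t for p, t in zip(pad, session_token))
    return base64.urlsafe_b64encode(pad + masked).decode("ascii")


def unmask_token(wire_value: str) -> Optional[bytes]:
    """Recover the secret from a submitted value; None if malformed."""
    try:
        raw = base64.urlsafe_b64decode(wire_value.encode("ascii"))
    except ValueError:  # covers bad base64 and non-ASCII input
        return None
    if len(raw) != 2 * TOKEN_BYTES:
        return None
    pad, masked = raw[:TOKEN_BYTES], raw[TOKEN_BYTES:]
    return bytes(p ^ m for p, m in zip(pad, masked))


def is_valid(wire_value: str, session_token: bytes) -> bool:
    """Constant-time comparison of the unmasked value with the session secret."""
    candidate = unmask_token(wire_value)
    return candidate is not None and hmac.compare_digest(candidate, session_token)
```

The server still stores one secret per session; only its on-the-wire representation changes between responses.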
