Tuesday, 11 June 2013

PADDING ORACLE ATTACK



  • This kind of attack exists because of the cryptographic padding that takes place on the message length. 

  • Padding oracle attacks also known as vaudenay attacks – were originally published in 2002 by serge vaudenay.  And got famous in 2010 .

  • What is it ?
Possible to decrypt and encrypt data without key in cbc(cipher block chaining) mode


  • The application verifies whether the encrypted value is properly padded or not.



When the application passed an encrypted value it responds with one of three ways:
  1.  valid ciphertext  (with proper padding) – normal response
  2.  invalid ciphertext (improper padding  - exception
  3. valid ciphertext and decrypts to an invalid value – custom error 

  • wrong padding can result in :
                    error message
                    stack traces
                    time difference
                    different responses 

PREPARED BY :

CHIRAYU PANDIT


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)