padding attack vs. PKCS7
James Muir
muir.james.a at gmail.com
Fri Jun 12 16:18:34 EDT 2009
travis+ml-cryptography at subspacefield.org wrote:
> http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/
>
> Towards the end of this rather offbeat blog post they describe a
> rather clever attack which is possible when the application provides
> error messages (i.e. is an error oracle) for PKCS7 padding in e.g. AES
> CBC-encrypted web authenticators that allows an adversary to attack
> the crypto one octet at a time.
I think this attack can be attributed to Klima and Rosa:
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format.
V. Klima and T. Rosa.
http://eprint.iacr.org/2003/098.pdf
-James
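The "error oracle" travis describes is a service that answers "bad padding" and "bad MAC" (or fails at different times) as two distinguishable events after CBC decryption. The following added example, not code from the original thread or from the Klima/Rosa paper, shows that design beside the standard fix: authenticate the IV and ciphertext with an HMAC before anything is decrypted (encrypt-then-MAC) and return one uniform failure. The cipher is a hypothetical toy Feistel network built on HMAC-SHA256 so the example runs without third-party packages; it stands in for AES only so that the CBC and PKCS#7 logic can be exercised, and the key, message and class names are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16   # cipher block size in bytes (same as AES)
TAG = 32     # HMAC-SHA256 output size

# Toy 16-byte block cipher: 4-round Feistel over HMAC-SHA256. A hypothetical stand-in
# for AES so the example runs offline; it is NOT a real cipher.
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

# PKCS#7 padding and CBC mode: the parts the oracle is about.
def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)

def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

class VulnerableService:
    """MAC-then-encrypt; padding is checked before the MAC and the two failures
    are reported differently. That difference is the padding oracle."""
    def __init__(self, key):
        self.ek, self.mk = _derive(key, b"enc"), _derive(key, b"mac")

    def seal(self, msg):
        tag = hmac.new(self.mk, msg, hashlib.sha256).digest()
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.ek, iv, pkcs7_pad(msg + tag))

    def unseal(self, token):
        try:
            padded = pkcs7_unpad(cbc_decrypt(self.ek, token[:BLOCK], token[BLOCK:]))
        except ValueError:
            return "error: bad padding"   # distinguishable from the MAC failure below
        msg, tag = padded[:-TAG], padded[-TAG:]
        if not hmac.compare_digest(tag, hmac.new(self.mk, msg, hashlib.sha256).digest()):
            return "error: bad mac"
        return msg

class HardenedService:
    """Encrypt-then-MAC over IV||ciphertext; nothing is decrypted unless the tag verifies,
    so padding validity of a forged token is never evaluated, let alone reported."""
    def __init__(self, key):
        self.ek, self.mk = _derive(key, b"enc"), _derive(key, b"mac")

    def seal(self, msg):
        iv = os.urandom(BLOCK)
        body = iv + cbc_encrypt(self.ek, iv, pkcs7_pad(msg))
        return body + hmac.new(self.mk, body, hashlib.sha256).digest()

    def unseal(self, token):
        body, tag = token[:-TAG], token[-TAG:]
        if not hmac.compare_digest(tag, hmac.new(self.mk, body, hashlib.sha256).digest()):
            return None                   # the only failure a caller can observe
        return pkcs7_unpad(cbc_decrypt(self.ek, body[:BLOCK], body[BLOCK:]))

def probe(service, token):
    """Flip one bit in each byte of the token in turn and collect the distinct responses.
    Two distinct error responses mean the service leaks padding validity."""
    seen = set()
    for i in range(len(token)):
        t = bytearray(token)
        t[i] ^= 0x80
        seen.add(service.unseal(bytes(t)))
    return seen

if __name__ == "__main__":
    key = b"constructed example key"        # constructed for the demo
    msg = b"user=alice"                     # constructed sample authenticator
    for cls in (VulnerableService, HardenedService):
        svc = cls(key)
        print(cls.__name__, "responses to tampering:", probe(svc, svc.seal(msg)))
```

Run as a script, the vulnerable service answers tampered tokens with two different errors, while the hardened one answers every tampered token with the same `None`. The key point for a reviewer is ordering: verify the tag over the ciphertext first, with a constant-time comparison, and only then decrypt and unpad; any check performed on unauthenticated plaintext, whether it reports by message, status code or timing, is a candidate oracle.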