At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, which is called padding oracle attack, against CBC-mode encryption. By giving an oracle which on receipt of a ciphertext, decrypting it and then replying to the sender whether the padding is correct or not, he shows that is possible to efficiently decrypt data without knowing the encryption key. In this paper, he turns the padding oracle attack into a new set of practical web hacking techniques. For more information visit the below URLs:
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html http://netifera.com/research/ http://tools.securitytube.net/index.php?title=Padding_Oracle_Exploit_Tool_(POET) http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/ Regards Sandeep Thakur -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
