Re: padding attack vs. PKCS7
travis+ml-cryptogra...@subspacefield.org wrote:
> http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/
>
> Towards the end of this rather offbeat blog post they describe a
> rather clever attack which is possible when the application provides
> error messages (i.e. is an error oracle) for PKCS7 padding in e.g. AES
> CBC-encrypted web authenticators that allows an adversary to attack
> the crypto one octet at a time.

I think this attack can be attributed to Klima and Rosa:

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format.
V. Klima and T. Rosa.
http://eprint.iacr.org/2003/098.pdf

-James
padding attack vs. PKCS7
http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/

Towards the end of this rather offbeat blog post they describe a
rather clever attack which is possible when the application provides
error messages (i.e. is an error oracle) for PKCS7 padding in e.g. AES
CBC-encrypted web authenticators that allows an adversary to attack
the crypto one octet at a time.

--
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
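
One way to remove the PKCS7 padding error oracle discussed in this thread, as an added example that is not from either poster or the linked articles: authenticate the IV and ciphertext with HMAC before decrypting, so modified ciphertext is rejected before the padding is ever examined. The key arguments, the token layout (IV, ciphertext, 32-byte tag) and the small Feistel stand-in for AES (used only so the code runs on the standard library) are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, as for AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _prp(key, block, decrypt=False):
    # Assumption: 4-round Feistel stand-in for AES so this runs on the stdlib.
    l, r = block[:8], block[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out, prev = out + _xor(_prp(key, blk, True), prev), blk
        else:
            prev = _prp(key, _xor(blk, prev))
            out += prev
    return out

def pad(msg):
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    ok = 1 <= n <= BLOCK and len(data) % BLOCK == 0 and data[-n:] == bytes([n]) * n
    return data[:-n] if ok else None

def seal(enc_key, mac_key, msg):
    iv = os.urandom(BLOCK)
    body = iv + cbc(enc_key, iv, pad(msg))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_token(enc_key, mac_key, token):
    body, tag = token[:-32], token[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # MAC first: modified ciphertext never reaches unpad(); one failure value.
    ok = len(body) >= 2 * BLOCK and len(body) % BLOCK == 0 and hmac.compare_digest(tag, expected)
    return unpad(cbc(enc_key, body[:BLOCK], body[BLOCK:], decrypt=True)) if ok else None
```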