[144516] in cryptography@c2.net mail archive
Re: padding attack vs. PKCS7
daemon@ATHENA.MIT.EDU (James Muir)
Sun Jun 14 14:03:22 2009
Date: Fri, 12 Jun 2009 16:18:34 -0400
From: James Muir <muir.james.a@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <20090611163716.GE443@subspacefield.org>
travis+ml-cryptography@subspacefield.org wrote:
> http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/
>
> Towards the end of this rather offbeat blog post they describe a
> rather clever attack which is possible when the application provides
> error messages (i.e. is an error oracle) for PKCS7 padding in e.g. AES
> CBC-encrypted web authenticators that allows an adversary to attack
> the crypto one octet at a time.
I think this attack can be attributed to Klima and Rosa:
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format.
V. Klima and T. Rosa.
http://eprint.iacr.org/2003/098.pdf
-James
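To show what the error oracle described above looks like on the receiving side, and how to close it, here is an added example that is not from this post, the Matasano article or the Klima-Rosa paper: a receive path that reports a padding failure as its own error sits beside an encrypt-then-MAC path that authenticates IV||CT before decrypting anything. The block cipher is a constructed XOR stand-in (not a real cipher), and the keys, IV and messages are constructed values.

```python
import hashlib
import hmac

BLOCK = 16

class DecryptionError(Exception): pass  # the single failure the hardened path reports

def pkcs7_unpad(data):
    # Valid iff the last byte n is in 1..BLOCK and the last n bytes all equal n.
    n = data[-1] if data else 0
    if not data or len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc(key, iv, data, encrypt):
    # CBC chaining around a constructed stand-in block cipher (a key-derived XOR mask that is
    # its own inverse). Not a real cipher: only the chaining and the error handling matter here.
    mask = hashlib.sha256(b"block" + key).digest()[:BLOCK]
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        cur = xor(xor(blk, prev), mask) if encrypt else xor(xor(blk, mask), prev)
        out += cur
        prev = cur if encrypt else blk
    return bytes(out)

def open_oracle(key, iv, ct):
    # Oracle-prone receive path: decrypt, then report a padding failure as its own error.
    try:
        return pkcs7_unpad(cbc(key, iv, ct, encrypt=False))
    except ValueError:
        return "PADDING_ERROR"  # a second observable outcome; that distinction is the oracle

def seal_etm(enc_key, mac_key, iv, msg):
    n = BLOCK - len(msg) % BLOCK                        # PKCS#7: n bytes of value n
    ct = cbc(enc_key, iv, msg + bytes([n]) * n, encrypt=True)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_etm(enc_key, mac_key, iv, ct, tag):
    # Hardened: encrypt-then-MAC. The tag over IV||CT is verified before any decryption, so a
    # modified ciphertext is rejected before its padding is ever examined.
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), tag):
        raise DecryptionError()
    try:
        return pkcs7_unpad(cbc(enc_key, iv, ct, encrypt=False))
    except ValueError:
        raise DecryptionError()  # same single error, so no padding information escapes
```

With the oracle-prone path, flipping a byte in the block preceding the last one either yields a padding error or a silently altered message depending on which byte was touched; the hardened path answers every tampered input with the same DecryptionError.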
The Cryptography Mailing List