Comments on: Understanding Padding Oracle attacks

By: » A besta assusta, mas nem tudo está perdido

» A besta assusta, mas nem tudo está perdido — Fri, 27 Jan 2012 03:06:42 +0000

[...] dos pesquisadores, mas assim como a outra pesquisa apresentada pela mesma dupla no ano passado: Padding Oracle Attack, gerou muita confusão e FUD na mídia. A do ano passado gerou pânico nos desavisados que achavam [...]

By: Davy

Davy — Mon, 09 Jan 2012 05:50:33 +0000

Hi. 1.Do you implement the padding oracle attacks on ISO CBC mode?
2.What do you think about padding oracle attacks on CBC mode encryption with secret and random IV?

By: 2010???????????Padding Oracle Attack????????? | Simon Zone

2010???????????Padding Oracle Attack????????? | Simon Zone — Mon, 02 Jan 2012 02:07:04 +0000

[...] Understanding Padding Oracle attacks [...]

By: Mauricio Gaueca F.

Mauricio Gaueca F. — Wed, 21 Sep 2011 21:25:56 +0000

Hello,

The AES EAX mode solve this problem? For example, generating a random iv and send it as a authenticate data ?

Regards !

By: Insomni’hack 2011 | Linux-backtrack.com

Insomni’hack 2011 | Linux-backtrack.com — Thu, 10 Mar 2011 08:33:12 +0000

[...] week-end pour récupérer le papier exposant l’algorithme d’attaque (également repris ici), mon défi est alors de résoudre l’épreuve avant d’arriver Gare de Lyon (et que la [...]

By: Insomni’hack 2011 | Segmentation fault

Insomni’hack 2011 | Segmentation fault — Mon, 07 Mar 2011 23:39:06 +0000

[...] week-end pour récupérer le papier exposant l’algorithme d’attaque (également repris ici), mon défi est alors de résoudre l’épreuve avant d’arriver Gare de Lyon (et que la [...]

By: Eloi Sanfèlix

Eloi Sanfèlix — Wed, 02 Mar 2011 08:56:51 +0000

What do you mean? One of the 256 guesses will give you a successful padding. It might be the first one, or the last one, or any of the intermediates.

If you have all the previous n bytes, then you know what the value is and how to create them so that the padding length is n+1. Then you start modifying the next byte and give it all possible values until you find a correct padding. Then you know the byte, change all the n+1 bytes to prepare for the n+2 guess, and iterate to the next one.

Anyway, I’m not sure if I get your question… maybe you can explain yourself a little bit

By: Melsk

Melsk — Wed, 02 Mar 2011 05:18:26 +0000

What do you do when an intermediate byte doesn’t give you a successful padding?

By: Wow! Uncle Joey » Blog Archive » 2010???????????Padding Oracle Attack

Wow! Uncle Joey » Blog Archive » 2010???????????Padding Oracle Attack — Wed, 29 Dec 2010 14:59:42 +0000

[...] Understanding Padding Oracle attacks [...]

By: JJ

JJ — Mon, 11 Oct 2010 01:58:18 +0000

Eloi,
Thank you for the reply!

In other words, if I captured an encrypted cookie from some random website and then tried to run a padded oracle attack against that encrypted cookie via a server running a vulnerable version of ASP.NET, it should NOT work because the cookie was encrypted using some other encryption key from some other site? Correct?

By: Eloi Sanfèlix

Eloi Sanfèlix — Sat, 09 Oct 2010 08:42:41 +0000

@JJ If you refer to the code itself, you’d need to adapt it.

If you refer to the attack, then the answer is yes provided you find a padding oracle using under the same key the cookie is encrypted with.

The oracle can be in the cookie decoding routine or anywhere else in the web app, but it has to be under the same key.

By: JJ

JJ — Fri, 08 Oct 2010 22:29:51 +0000

Can this be used to crack cookies?

By: On Padding Oracles, CBC-R and timing attacks… « Limited Entropy Dot Com

Mon, 04 Oct 2010 20:37:29 +0000

[...] so if you remember from last post, we have a way to decrypt messages making use of a padding oracle. So, by providing specially [...]

By: Eloi Sanfèlix

Eloi Sanfèlix — Mon, 04 Oct 2010 18:31:25 +0000

Hi all.

Thanks for the comments

@james , the Crypto.Cipher module comes from the pycrypto module. You can find it here: http://www.dlitz.net/software/pycrypto/ .

Cheers,
Eloi

By: ASP.NET Padding Oracle Attack – flyingpenguin

ASP.NET Padding Oracle Attack – flyingpenguin — Tue, 28 Sep 2010 21:12:41 +0000

[...] Introduction to Padding Oracle Attack, including Python code [...]

By: Vulnerabilità delle applicazioni ASP.NET | Siamo geek

Vulnerabilità delle applicazioni ASP.NET | Siamo geek — Mon, 27 Sep 2010 14:43:21 +0000

[...] ASP.NET si basa sul un problema dell’implementazione dell’algoritmo crittografico del padding oracle (in crittografia un oracle è un’entità algoritmica che risponde in un determinato modo a [...]

By: kakrat

kakrat — Sat, 25 Sep 2010 09:18:39 +0000

Thanks, I finally understand it. It’s pretty twisted.

By: james

james — Fri, 24 Sep 2010 12:27:03 +0000

i can not find any crypto.chipher in default python installation. is there any additional package ? if it is please suggest me some links.

By: Joe

Joe — Fri, 24 Sep 2010 09:08:33 +0000

Thanks for this! Please continue writing quality posts. Personally, I’m not an encryption guru, so posts explaining basic concepts and newbie material would be greatly appreciated

By: ASP Bite Danger | Complete Source

ASP Bite Danger | Complete Source — Wed, 22 Sep 2010 23:49:09 +0000

[...] to store information during user sessions. This is related to something the crypto pros call “padding oracle,” which has nothing to do with Oracle the [...]