We dwell in a digital environment benefitting from its pros and battling out its cons. Ever since the beginning of the internet, we’ve successfully tackled the various challenges it posed against us. In this blog post, I’ll be sharing with you the outcome of one such quest.

As we all know the underlying protocol of our beloved World Wide Web is http.One of the major issues developers faced with http was it’s statelessness or we may say http views every step you undertake as seperate. Consider the example of an online shopping site where you keep adding items to your cart.Suppose after putting an item X into the cart you move on to pick another item say Y.Here you would want the details of the item Y to be added along with that of item X but unfortunately the stateless behavior of http would result in item Y overriding item X.This …


This is the continuation of my cryptanalysis series.In this post we are going to look into one of the most elegant attacks on AES-CBC mode.The attack is called ”Padding oracle attack” and as the name suggests it involves the manipulation of the padding oracle to retrieve the plaintext.Now, atleast a few of you would be wondering what a padding oracle is so let us first have a look at what it is.

Padding Oracle:

Most of you would have heard about the “oracle of Delphi”(I am a huge fan of Percy Jackson). So here,our padding oracle is somewhat similar to the oracle of Delphi but instead of giving out prophecies it checks whether the plaintext corresponding to a given ciphertext is properly padded.For those who have no clear idea about padding please take a look at my earlier blog post Cryptanalysis of AES-ECB (Part-1) where I have given sufficient explanation on the same. …


AES is the most commonly used symmetric key encryption scheme throughout the world.Here I am going to list the short comings of the AES-ECB mode of encryption stating some of the ways in which it can be exploited by an attacker.

First I’ll brief you through the working of the ECB mode of encryption:

The Electronic Code Book popularly known as ECB is the simplest encryption mode in AES. AES is a block cipher and hence the encryption process takes place on each block seperately where the block size is usually 16.

Image for post
Image for post

The above image gives us an idea of how the process of encryption takes place in ECB mode. …

About

Sarang Dileep

Cryptanalyst | CTF player

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store