Cryptography, Padding Oracles
- A brief history of cryptography
- Herodotus wrote of secret messages written on wood and covered in wax so that they appeared blank and, more outlandishly, of a message written on someone's head, the messenger then waiting for their hair to regrow; also swallowing balls of silk sealed in wax, invisible ink, etc.
- Known as Steganography (steganos = covered, graphein = to write)
- Works quite well but has a fundamental weakness: if the message is discovered, all information is revealed
- Hence the development of Cryptography (kryptos = hidden): the message itself is not hidden, but its meaning is, so it can be intercepted without the information being lost
- Transposition: where the letters retain their identity but change position, e.g. using a device such as a scytale
- Substitution: where the letters retain their position but change their identity, e.g. the Caesar cipher
- To simplify sharing an algorithm (e.g. a substitution alphabet), introduce the idea of a key that generates the substitution, e.g. a key word/phrase for the Caesar cipher
Symmetric-key encryption (share the same key)
- Attack on a substitution cipher if we know the language of the plaintext: frequency analysis of single letters, pairs of letters (digrams), trigrams, etc.
- One-Time Pad
- Block ciphers
- The Padding Oracle Attack
- Review CBC and how encryption and decryption work, concentrating on XOR
- Padding errors
- Guess the last byte of a block by exploiting padding checks
- What if there's no explicit padding error? Side-channel attacks still a possibility
- Real-world examples of vulnerabilities
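The CBC XOR relation and the two kinds of padding failure outlined above, worked through in Ruby as an added example (this is not code from the wiki page, nor from the Ruby implementation it links to): PKCS#7 padding, a MAC-then-encrypt routine that answers tampering with distinguishable `:bad_padding` / `:bad_mac` results, and an encrypt-then-MAC routine that verifies the tag first and gives one uniform `:invalid` answer. Keys, IV and message are constructed demo values, and the fixed IV is only there to keep the run deterministic.

```ruby
require 'openssl'

BLOCK   = 16
ENC_KEY = ("\x01" * BLOCK).b          # constructed demo keys: never reuse fixed keys
MAC_KEY = ("\x02" * BLOCK).b
IV      = ("\x03" * BLOCK).b          # fixed IV only to keep the demo deterministic
MSG     = 'meet at dawn, gate 4'.b    # constructed sample plaintext (20 bytes, two blocks)

# PKCS#7: append n bytes of value n so the length becomes a multiple of BLOCK.
def pkcs7_pad(data)
  n = BLOCK - (data.bytesize % BLOCK)
  data.b + (n.chr * n).b
end

# Strict unpad; nil signals invalid padding.
def pkcs7_unpad(data)
  return nil if data.empty? || data.bytesize % BLOCK != 0
  n = data.getbyte(-1)
  return nil if n < 1 || n > BLOCK
  return nil unless data.bytes.last(n).all? { |b| b == n }
  data.byteslice(0, data.bytesize - n)
end

# Raw AES-128-CBC with OpenSSL's own padding disabled, so padding handling is explicit.
def aes_cbc(op, key, iv, data)
  c = OpenSSL::Cipher.new('AES-128-CBC')
  op == :encrypt ? c.encrypt : c.decrypt
  c.key, c.iv, c.padding = key, iv, 0
  c.update(data) + c.final
end

def hmac(key, data)
  OpenSSL::HMAC.digest('SHA256', key, data)
end

# Constant-time comparison: timing must not depend on where the tags differ.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# LEAKY (MAC-then-encrypt): the tag sits inside the plaintext, so the padding must be
# checked before the tag can be, and the two failures are reported differently.
def encrypt_leaky(msg)
  aes_cbc(:encrypt, ENC_KEY, IV, pkcs7_pad(msg.b + hmac(MAC_KEY, msg)))
end

def decrypt_leaky(ct)
  inner = pkcs7_unpad(aes_cbc(:decrypt, ENC_KEY, IV, ct))
  return :bad_padding if inner.nil?          # distinguishable failure number one
  return :bad_mac if inner.bytesize < 32
  msg = inner.byteslice(0, inner.bytesize - 32)
  constant_time_equal?(inner.byteslice(-32, 32), hmac(MAC_KEY, msg)) ? [:ok, msg] : :bad_mac
end

# HARDENED (encrypt-then-MAC): the tag covers IV || ciphertext and is verified first.
# A tampered ciphertext is never decrypted, its padding never inspected, and every
# failure collapses into the same :invalid result.
def encrypt_etm(msg)
  ct = aes_cbc(:encrypt, ENC_KEY, IV, pkcs7_pad(msg))
  ct + hmac(MAC_KEY, IV + ct)
end

def decrypt_etm(blob)
  return :invalid if blob.bytesize < BLOCK + 32
  ct = blob.byteslice(0, blob.bytesize - 32)
  return :invalid unless constant_time_equal?(blob.byteslice(-32, 32), hmac(MAC_KEY, IV + ct))
  msg = pkcs7_unpad(aes_cbc(:decrypt, ENC_KEY, IV, ct))
  msg.nil? ? :invalid : [:ok, msg]
end

def xor_byte(str, index, mask)
  bytes = str.bytes
  bytes[index] ^= mask
  bytes.pack('C*')
end

# CBC decryption is P[i] = D(C[i]) XOR C[i-1] (with C[-1] = IV). XORing a mask into byte j
# of C[i-1] XORs the same mask into byte j of P[i] while scrambling all of P[i-1].
# Returns [byte flip held?, previous block intact?]; expected [true, false].
def cbc_xor_property(mask)
  pt  = pkcs7_pad(('A' * 20).b)
  pt2 = aes_cbc(:decrypt, ENC_KEY, IV, xor_byte(aes_cbc(:encrypt, ENC_KEY, IV, pt), 3, mask))
  [pt2.getbyte(BLOCK + 3) == (pt.getbyte(BLOCK + 3) ^ mask),
   pt2.byteslice(0, BLOCK) == pt.byteslice(0, BLOCK)]
end

# Leak test for a decryption API: flip the last byte of the block that feeds the final
# plaintext block's padding, try every mask, and collect the distinct answers. More than
# one distinct failure answer is exactly the oracle a padding-oracle attack relies on.
def responses_under_tampering(variant)
  blob   = variant == :leaky ? encrypt_leaky(MSG) : encrypt_etm(MSG)
  ct_len = variant == :leaky ? blob.bytesize : blob.bytesize - 32
  offset = ct_len - BLOCK - 1
  (1..255).map do |m|
    r = variant == :leaky ? decrypt_leaky(xor_byte(blob, offset, m)) : decrypt_etm(xor_byte(blob, offset, m))
    r.is_a?(Array) ? :ok : r
  end.uniq.sort
end

if __FILE__ == $PROGRAM_NAME
  p decrypt_etm(encrypt_etm(MSG))        # [:ok, "meet at dawn, gate 4"]
  p responses_under_tampering(:leaky)    # [:bad_mac, :bad_padding]
  p responses_under_tampering(:etm)      # [:invalid]
end
```

`responses_under_tampering` is the check worth running against your own decrypt routine: if tampered ciphertexts can produce more than one distinct failure result (or distinct timings, which this test does not measure), the routine is an oracle. Verifying a MAC over the ciphertext before touching the padding, with a constant-time comparison and a single failure path, is what removes it; an AEAD mode such as AES-GCM gives the same property without hand-rolling the construction.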
- Simon Singh, "The Code Book"
- Dan Boneh, Stanford University, "Cryptography I"
- Rob Heaton, "The Padding Oracle Attack - why crypto is terrifying"
- Bruce Barnett, "CBC Padding Oracle Attacks Simplified – Key concepts and pitfalls"
- An implementation of the padding oracle attack capable of decrypting a ciphertext encrypted with DES or AES in cipher block chaining mode, in Ruby: