CBC Padding Attack

CBC is one of the best modes of operation for block ciphers, but even leaking a tiny amount of information is enough to completely undermine its security.


Dec. 10, 2015, 11:10 p.m.

This one takes me between 10-15 minutes on my laptop. Some things to keep in mind:

  • If you want to have an implementation with a reasonable runtime you need to attack this byte by byte.
  • If you get back a 500 status for every possible byte (0x00 - 0xff) you've done something wrong.
  • If you're unfamiliar with PKCS7 padding refer here. Especially important is to remember that "If the original data is a multiple of N bytes, then an extra block of bytes with value N is added".

Good luck!


38 solved
April 13, 2020, 12:09 a.m.

Hey, the ciphertext in the description of the challenge (c6574d8a54c952a7f298673ee7063c16ecf5f6d6405e2ad74254ff211635e390) gets a 500 error. ??


38 solved
April 13, 2020, 12:20 a.m.

Means the ciphertext is incomplete?


38 solved
April 14, 2020, 9:42 p.m.

Can you provide an encrypted message that will not return a 500 error? I believe the server is broken. Change my mind.