CBC Padding Attack

CBC is one of the best modes of operation for block ciphers, but even leaking a tiny amount of information is enough to completely undermine its security.


Dec. 10, 2015, 11:10 p.m.

This one takes me between 10 and 15 minutes on my laptop. Some things to keep in mind:

  • If you want to have an implementation with a reasonable runtime, you need to attack this byte by byte.
  • If you get back a 500 status for every possible byte (0x00 - 0xff), you've done something wrong.
  • If you're unfamiliar with PKCS7 padding, refer here. Especially important is to remember that "If the original data is a multiple of N bytes, then an extra block of bytes with value N is added".

Good luck!
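
The PKCS7 rule quoted in the last hint, together with the strict check a decryption routine applies when it strips the padding, as an added example that is not part of the original challenge or the post above. The 16-byte block size and the function names are assumptions, since the page does not name the cipher, and the sample inputs are constructed.

```python
import hmac

BLOCK = 16  # assumed block size in bytes (AES); the page does not name the cipher


def pkcs7_pad(data: bytes, n: int = BLOCK) -> bytes:
    """Append k bytes of value k, with 1 <= k <= n.

    Input that is already a multiple of n gets a whole extra block of value n,
    so the last byte of a padded message is always a valid length marker.
    """
    k = n - (len(data) % n)
    return data + bytes([k]) * k


def pkcs7_unpad(padded: bytes, n: int = BLOCK) -> bytes:
    """Strip PKCS7 padding; raise ValueError on any malformed input."""
    if not padded or len(padded) % n:
        raise ValueError("length is not a positive multiple of the block size")
    k = padded[-1]
    if k < 1 or k > n:
        raise ValueError("bad padding")
    # compare_digest checks all k bytes without stopping at the first mismatch
    if not hmac.compare_digest(padded[-k:], bytes([k]) * k):
        raise ValueError("bad padding")
    return padded[:-k]


def is_valid_padding(padded: bytes, n: int = BLOCK) -> bool:
    """True when pkcs7_unpad would accept the input."""
    try:
        pkcs7_unpad(padded, n)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs
    aligned = b"YELLOW SUBMARINE"           # exactly one block
    print(pkcs7_pad(aligned).hex())         # second block is sixteen 0x10 bytes
    print(pkcs7_pad(b"abc").hex())          # thirteen 0x0d bytes appended
    for sample in (b"A" * 15 + b"\x01", b"A" * 14 + b"\x03\x02", b"A" * 15 + b"\x00"):
        print(sample.hex(), is_valid_padding(sample))
```

Whether this check passed is exactly the bit that must not reach the client: a service that answers differently for bad padding than for other failures is leaking it. Authenticating the ciphertext (encrypt-then-MAC or an AEAD mode) and rejecting forgeries before any decryption removes the signal.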