CBC Padding Attack
CBC is one of the best modes of operation for block ciphers, but even leaking a tiny amount of information is enough to completely undermine its security.
This one takes me between 10-15 minutes on my laptop. Some things to keep in mind:
- If you want to have an implementation with a reasonable runtime you need to attack this byte by byte.
- If you get back a 500 status for every possible byte (0x00 - 0xff) you've done something wrong.
- If you're unfamiliar with PKCS7 padding refer here. Especially important is to remember that "If the original data is a multiple of N bytes, then an extra block of bytes with value N is added".
Hey, the ciphertext in the description of the challenge (c6574d8a54c952a7f298673ee7063c16ecf5f6d6405e2ad74254ff211635e390) gets a 500 error. ??
Means the ciphertext is incomplete?
Can you provide an encrypted message that will not return a 500 error? I believe the server is broken. Change my mind.