[ EArthquake @ 08.06.2010. 20:00 ] @

At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, which is called the padding oracle attack, against CBC-mode encryption. Given an oracle which, on receipt of a ciphertext, decrypts it and then replies to the sender whether the padding is correct or not, he shows that it is possible to efficiently decrypt data without knowing the encryption key. In this paper, we turn the padding oracle attack into a new set of practical web hacking techniques.


A very interesting attack, now explained in practice. I think I have already mentioned something similar a couple of times, in connection with using low-level crypto routines...
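The oracle described in the quoted abstract, seen from the defender's side, as an added example that is not part of the original post or the paper: a handler whose reply reveals the padding result, next to an encrypt-then-MAC handler that rejects modified ciphertexts before decrypting. The Feistel block cipher is a constructed stand-in for AES so the code runs on the standard library alone; all function names and status strings are assumptions.

```python
import hashlib, hmac, os
BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):  # constructed 4-round Feistel stand-in for AES
    f = lambda i, half: hashlib.sha256(key + bytes([i]) + half).digest()[:8]
    l, r = blk[:8], blk[8:]
    for i in ([3, 2, 1, 0] if decrypt else [0, 1, 2, 3]):
        l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
    return l + r

def cbc_encrypt(key, msg):
    pad = BLOCK - len(msg) % BLOCK
    msg, out = msg + bytes([pad]) * pad, os.urandom(BLOCK)  # PKCS#7 pad, random IV
    for i in range(0, len(msg), BLOCK):
        out += _block(key, _xor(msg[i:i + BLOCK], out[-BLOCK:]))
    return out

def cbc_decrypt(key, ct):
    pt = b"".join(_xor(_block(key, ct[i:i + BLOCK], True), ct[i - BLOCK:i])
                  for i in range(BLOCK, len(ct), BLOCK))
    pad = pt[-1] if pt else 0
    if not 1 <= pad <= BLOCK or pt[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return pt[:-pad]

def leaky_handler(key, ct):
    # Weak: the reply tells the sender whether the padding check passed.
    try:
        cbc_decrypt(key, ct)
        return "200 ok"
    except ValueError:
        return "500 bad padding"

def seal(enc_key, mac_key, msg):
    ct = cbc_encrypt(enc_key, msg)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def hardened_handler(enc_key, mac_key, blob):
    # Encrypt-then-MAC: the tag is checked in constant time before any decryption.
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return "400 invalid"
    cbc_decrypt(enc_key, ct)
    return "200 ok"

def distinct_responses(handler, blob, pos=BLOCK - 1):  # all one-byte changes at pos
    return {handler(blob[:pos] + bytes([blob[pos] ^ m]) + blob[pos + 1:]) for m in range(1, 256)}
```

For a modified ciphertext, `leaky_handler` produces two distinguishable replies, which is the oracle; `hardened_handler` produces one reply for every modification because unpadding is never reached.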