Score:3

Padding Oracle Attack with Length Prefix

user106946

I'm learning about the padding oracle and had a question about a modified padding oracle. Essentially, the only difference is that the length of the original message is prepended to the message as a 4-byte string. It is then padded and encrypted as normal. How would the approach to this scheme be different from the standard padding oracle attack?

Score:3

How would the approach to this scheme be different from the standard padding oracle attack?

Well, in a padding oracle attack, the attacker crafts a ciphertext (possibly using a valid ciphertext as a starting point), presents that ciphertext to the decryptor, and determines whether that ciphertext was rejected for invalid padding, or not.

So, to ponder this question:

  • In your proposed scheme, what would count as 'valid padding', and what would be rejected as 'invalid padding'?

  • Given the answer to the above question, how could an attacker craft a ciphertext to get some information about the decryption of one target ciphertext block?

I'm giving you hints, and not the answer, because you're learning, and solving things yourself teaches you much more thoroughly than being handed the answer.

poncho
@AJGriffin: well, you have a valid ciphertext (actually, probably a number of them); how does that help?