I'm trying to understand the exploitability of the padding oracle attack, which enables someone to decrypt and encrypt the contents without knowing the encryption key.
Can encrypted data with the first block be decrypted by the app that relies on a static IV without knowing the IV?
I want to understand the padding oracle attack's exploitability, especially to decrypt the first block of data using a static IV. I am familiar with the Rijndael algorithm and CBC mode with PKCS7 padding. Due to the unknown IV, I am unable to decrypt the first block, though.
I can perform this attack (demo environment) against an implementation that relies on the Rijndael algorithm with CBC mode and PKCS7 padding. I'm able to decrypt all the blocks except the first one, because of the IV that 'I don't know'.
This attack also makes it possible to encrypt data without knowing the key. Suppose that the IV is static. Should it be possible to encrypt contents, including the first block, in such a way that they could be decrypted by the application that relies on a certain static IV, even without me knowing that IV? Otherwise, if I have an originally encrypted string (whose first block relies on the static IV), can I reuse something from the first block that I can use or feed to my own encryption process to ensure that the first block can be decrypted by the application that relies on the static IV?
My questions:
Can encrypted data be created that the program, which is using a static IV, can decode even if I don't know the IV?
Can I use the first block of a string that uses a static IV in the encryption to decode the block?
Is this attack possible with Rustpad?
I have a lot to learn about encryption, so bear with me please.
The tool I use to exploit this attack (decryption/encryption) is Rustpad.
Source: Padding oracle attack.