Padding oracle attacks (also Vaudenay attacks) were originally published in 2002 by Serge Vaudenay. In 2010 it was used for code execution in ASP.net. Padding oracle attack deals with cryptography. In cryptography, an oracle is a system that is supposed to perform given cryptographic operations on behalf of the user (sometimes attacker). A padding oracle is a specific type of oracle that will take encrypted data from the user, attempt to decrypt it privately, then reveal whether or not the padding is correct. It is like a side channel attack that is performed on the padding of a cryptographic message. Information leakage may occur during decryption of ciphertext. This attack is mainly concerned with CBC (cipher block chaining) mode decryption or ECB (Electronic codebook).
No comments:
Post a Comment