Using AES-CBC with a random number plus a counter for the IV [migrated]

I understand that AES-CBC uses the following scheme for encrypting data (diagram from Wikipedia):

And, I understand that we don’t want initialization vectors to be predictable or constant, and also that you don’t want it to just be a plai…

Padding Oracle Attack – Decrypting First Block with Static IV [migrated]

I’m trying to understand the exploitability of the padding oracle attack, which enables someone to decrypt and encrypt the contents without knowing the encryption key.

Can encrypted data with the first block be decrypted by the app that …
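The two questions above share one mechanism, so here is a single worked example covering both: it is added here and is not code from either post. It uses a pure-Python CBC implementation whose block cipher is a 4-round Feistel network keyed through HMAC-SHA256, an assumed stand-in for AES so that it runs on the standard library alone (CBC chaining, PKCS#7 padding and both attacks are independent of the block cipher). `confirm_guess` shows what a predictable IV (a counter, or random-plus-counter once one value has been observed) gives an attacker: a chosen plaintext that confirms or refutes a guess at an earlier block. `padding_oracle_block` shows the padding oracle recovering the first block when the IV is static, because for block 1 the "previous ciphertext block" is the IV itself. The sample plaintext, the all-zero static IV, and the `oracle`, `demo` and `encrypt_next` names are constructed for illustration.

```python
import hashlib, hmac, secrets

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# AES stand-in so this runs on the standard library: a 4-round Feistel network
# keyed through HMAC-SHA256. CBC, PKCS#7 and both attacks are cipher-agnostic.
def _f(key, r, half):
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def block_decrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def pkcs7_unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")           # this exception is the oracle
    return data[:-n]

def cbc_encrypt(key, iv, pt):
    pt += bytes([BLOCK - len(pt) % BLOCK]) * (BLOCK - len(pt) % BLOCK)   # PKCS#7
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip([iv] + blocks, blocks))
    return pkcs7_unpad(pt)

# (1) Predictable IV: knowing the next IV, submitting guess ^ old_iv ^ next_iv
# yields the old first ciphertext block exactly when guess was the old plaintext.
def confirm_guess(encrypt_next, next_iv, old_iv, old_first_block, guess):
    return encrypt_next(_xor(_xor(guess, old_iv), next_iv))[:BLOCK] == old_first_block

# (2) Padding oracle, one block: oracle(iv, one_block_ct) -> bool. Recovers D_k(target)
# and XORs it with the preceding block; for block 1 that block is the IV itself.
def padding_oracle_block(oracle, prev, target):
    inter = bytearray(BLOCK)                      # D_k(target), filled right to left
    for pos in range(BLOCK - 1, -1, -1):
        pad_val = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):           # known bytes forced to decrypt to pad_val
            forged[j] = inter[j] ^ pad_val
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:                  # real 01, or a longer pad such as 02 02?
                forged[pos - 1] ^= 0xFF           # disturbing byte 14 breaks 02 02 but not 01
                still_ok = oracle(bytes(forged), target)
                forged[pos - 1] ^= 0xFF
                if not still_ok:
                    continue
            inter[pos] = guess ^ pad_val
            break
        else:
            raise RuntimeError("no byte accepted at position %d" % pos)
    return _xor(bytes(inter), prev)

def demo():
    key = secrets.token_bytes(16)
    static_iv = b"\x00" * BLOCK                   # constructed: the "static IV" case
    secret = b"card=4111111111111111;cvv=123"     # constructed sample plaintext
    ct = cbc_encrypt(key, static_iv, secret)
    def oracle(iv, one_block):                    # all the attacker may call
        try:
            cbc_decrypt(key, iv, one_block)
            return True
        except ValueError:
            return False
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    first = padding_oracle_block(oracle, static_iv, blocks[0])   # needs the IV
    rest = b"".join(padding_oracle_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    # Counter-style IV: the attacker saw iv_n and therefore predicts iv_n + 1.
    base = int.from_bytes(secrets.token_bytes(BLOCK), "big")
    iv_n, iv_next = base.to_bytes(BLOCK, "big"), ((base + 1) % 2**128).to_bytes(BLOCK, "big")
    ct_n = cbc_encrypt(key, iv_n, b"password=hunter2")
    encrypt_next = lambda pt: cbc_encrypt(key, iv_next, pt)
    return {
        "first_block": first,
        "plaintext": pkcs7_unpad(first + rest),
        "guess_right": confirm_guess(encrypt_next, iv_next, iv_n, ct_n[:BLOCK], b"password=hunter2"),
        "guess_wrong": confirm_guess(encrypt_next, iv_next, iv_n, ct_n[:BLOCK], b"password=letmein"),
    }
```

`demo()` returns the recovered first block and full plaintext plus the two guess results. Two points worth noting from running it: the oracle always yields D_k(C_i) for every block, so blocks 2 onward fall regardless of how the IV was chosen, and block 1 falls whenever the attacker knows the IV, which includes the usual case of a random IV transmitted in the clear; a static IV only makes that knowledge cheaper. A random IV fixes the chosen-plaintext problem of (1), but it is only a MAC checked before decryption (encrypt-then-MAC) or an AEAD mode that removes the oracle in (2).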

Is a server using CBC without the encrypt_then_mac TLS extension necessarily vulnerable to the LUCKY13 attack?

In order for a server to be vulnerable to the LUCKY13 exploit, it has to use a ciphersuite which uses CBC and must not use the encrypt_then_mac TLS extension. However, if both these conditions are satisfied, is the server necessarily vulne…