[botan-devel] CTS against Padding Oracles ( botan-devel Digest, Vol 119, Issue 1 )

Falko Strenzke fstrenzke at cryptosource.de
Thu May 7 02:03:48 EDT 2015

On 07.05.2015 at 04:40, botan-devel-request at randombit.net wrote:
> Also if one were to use CBC, aside from limited compatibility with other libraries, wouldn't CTS be the only mode not vulnerable to the padding oracle attack?

I would be very careful with such views. Certainly, padding oracle
attacks are only possible with modes that need padding, so CBC with CTS
isn't subject to that. However, if you use unauthenticated modes you can
have all kinds of oracles in your application, that is, error replies
or otherwise observable behaviour due to parsing modified plaintext. And
that is possible in basically all unauthenticated modes, though with
varying details and strengths of attack. CBC with CTS still provides a
good attack surface here.



Dr. Falko Strenzke
Managing Director

cryptosource GmbH
Embedded Security and Beyond
Goethestraße 41
64285 Darmstadt
Tel.: +49 (0) 6151 / 86 22 379
Fax: +49 (0) 6151 / 786 65 80
Mobile: +49 (0) 177 / 898 53 28

Email: fstrenzke at cryptosource.de
Internet: www.cryptosource.de

Managing Director: Dr. Falko Strenzke
Registered office: Darmstadt
Register court: Amtsgericht Darmstadt
Commercial register number: HRB 93037
VAT ID: DE294145062
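
The kind of oracle described in the reply above, as an added example that is not part of the original mail and not Botan code: CBC with ciphertext stealing has no padding, so there is no padding check to leak, but the mode is still malleable. Flipping a bit of the IV flips the same bit of the first plaintext block, and a toy server whose parser answers "MALFORMED" when the field count of the decrypted record is wrong leaks one bit per query; the attacker uses that reply to recover the first plaintext block byte by byte. The same probes against an encrypt-then-MAC wrapper all get one generic reply and learn nothing. To run offline with only the standard library, the 128-bit block cipher is a 4-round Feistel network keyed with HMAC-SHA256 (an assumption standing in for AES; the attack does not depend on the cipher), the CTS variant is CS3 (last two blocks swapped), and the record format, server and sample plaintext are constructed for this demonstration.

```python
"""Format-oracle attack on CBC with ciphertext stealing, and the encrypt-then-MAC fix.

Added example, not code from the mail or from Botan. Stdlib only: the block
cipher is a 4-round Feistel network keyed with HMAC-SHA256, a stand-in for AES
(assumption); the CS3 ciphertext-stealing variant, the record format and the
toy server are constructed for this demonstration.
"""
import hashlib
import hmac
import os

BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for i in range(4):                                 # balanced Feistel rounds
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def cts_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC-CS3: no padding; C_n is sent in full, then only d bytes of C_{n-1}."""
    assert len(pt) > BLOCK
    d = len(pt) % BLOCK or BLOCK                       # length of the final block
    head, tail = pt[:-d], pt[-d:]
    blocks, prev = [], iv
    for i in range(0, len(head), BLOCK):
        prev = block_encrypt(key, _xor(head[i:i + BLOCK], prev))
        blocks.append(prev)
    last = block_encrypt(key, _xor(tail + bytes(BLOCK - d), prev))
    return b"".join(blocks[:-1]) + last + blocks[-1][:d]

def cts_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    d = len(ct) % BLOCK or BLOCK
    head, c_n, stolen = ct[:-d - BLOCK], ct[-d - BLOCK:-d], ct[-d:]
    x = block_decrypt(key, c_n)                        # = C_{n-1} XOR (P_n || zeros)
    c_prev, p_n = stolen + x[d:], _xor(x[:d], stolen)  # rebuild C_{n-1}, recover P_n
    out, prev = [], iv
    for i in range(0, len(head), BLOCK):
        out.append(_xor(block_decrypt(key, head[i:i + BLOCK]), prev))
        prev = head[i:i + BLOCK]
    out.append(_xor(block_decrypt(key, c_prev), prev))
    return b"".join(out) + p_n

def parse_record(pt: bytes) -> str:
    """Toy server: the distinguishable MALFORMED reply is the oracle."""
    fields = pt.split(b";")
    if len(fields) != 3:
        return "MALFORMED"
    kv = dict(f.split(b"=", 1) for f in fields if b"=" in f)
    return "OK" if kv.get(b"role") == b"admin" else "DENIED"

def recover_first_block(query, iv: bytes, ct: bytes) -> bytes:
    """XORing IV byte j with g ^ ';' turns P_1[j] into ';' iff P_1[j] == g; the
    changed field count then triggers MALFORMED. 255 queries per byte."""
    recovered = bytearray()
    for j in range(BLOCK):
        hits = []
        for g in range(256):
            if g == ord(";"):                          # zero delta: skip the no-op probe
                continue
            probe = bytearray(iv)
            probe[j] ^= g ^ ord(";")
            if query(bytes(probe), ct) == "MALFORMED":
                hits.append(g)
        # one hit: P_1[j] == g; 255 hits: P_1[j] was ';' and every probe destroyed it
        recovered.append(hits[0] if len(hits) == 1 else ord(";"))
    return bytes(recovered)

def seal(enc_key: bytes, mac_key: bytes, iv: bytes, pt: bytes) -> bytes:
    ct = cts_encrypt(enc_key, iv, pt)
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, iv: bytes, ct_tag: bytes) -> str:
    ct, tag = ct_tag[:-32], ct_tag[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        return "REJECTED"                              # one reply for any tampering, before parsing
    return parse_record(cts_decrypt(enc_key, iv, ct))

def demo() -> dict:
    enc_key, mac_key, iv = os.urandom(32), os.urandom(32), os.urandom(BLOCK)
    pt = b"role=user;uid=1001;exp=2015-05-07"           # constructed: 2 full blocks + 1-byte tail
    ct = cts_encrypt(enc_key, iv, pt)
    leaked = recover_first_block(lambda i, c: parse_record(cts_decrypt(enc_key, i, c)), iv, ct)
    sealed, seen = seal(enc_key, mac_key, iv, pt), set()
    def auth_query(i, _c):
        reply = open_sealed(enc_key, mac_key, i, sealed)
        seen.add(reply)
        return reply
    recover_first_block(auth_query, iv, ct)            # every probe now gets the same reply
    return {"plaintext": pt, "leaked": leaked, "authenticated_replies": seen}
```

Only the first block is recovered here because the IV gives a clean single-byte change; attacking a later block by modifying the preceding ciphertext block works the same way but garbles that block, which the parser may or may not tolerate. The practical conclusion matches the reply above: the fix is not a padding-free mode but authentication (an AEAD mode, or encrypt-then-MAC as in `seal`), checked before any plaintext is parsed.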
