Speaker: Dr. Henning Kopp
When encrypting data, block ciphers operate on data blocks of fixed length. However, data that should be encrypted may not fit within the block limits. Consequently, when performing encryption routines the last data block is padded in an invertible way. A problem often overlooked in cryptographic applications is the error handling when encountering an incorrect padding in the decryption routine. Signalling if a padding error occurred in the decryption process may have dramatic consequences and led to issues within the TLS protocol and its implementations. Under modest assumptions, such information about the validity of the padding allow an attacker to decrypt the data. In this talk, we give an introduction to this kind of attacks, called padding oracle attacks. We share their inner workings and how to spot and exploit them.
