all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios

Add to bookmarks
Nov. 24, 2023, 2:36 a.m. |

IACR News www.iacr.org

ePrint Report: Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios

Daniel Espinoza Figueroa


Let's consider a scenario where the server encrypts data using AES-CBC without authentication and then sends only the encrypted ciphertext through TLS (without IV). Then, having a padding oracle, we managed to recover the initialization vector and the sensitive data, doing a cybersecurity audit for a Chilean company.

aes attacks authentication ciphertext daniel data encrypt encrypted eprint report information oracle padding plaintext report scenario sensitive sensitive information server tls

Visit resource

More from www.iacr.org / IACR News

Computational Attestations of Polynomial Integrity Towards Verifiable Machine Learning 1 day, 16 hours ago | www.iacr.org
complexity computational continue emerging +11
A note on ``a lightweight mutual and transitive authentication mechanism for IoT network'' 1 day, 16 hours ago | www.iacr.org
anonymity authentication eprint report iot +5
Towards Permissionless Consensus in the Standard Model via Fine-Grained Complexity 1 day, 16 hours ago | www.iacr.org
agreement complexity eprint report peter +4
Regev Factoring Beyond Fibonacci: Optimizing Prefactors 1 day, 16 hours ago | www.iacr.org
algorithm beyond bridge concrete +7
Organizing Records for Retrieval in Multi-Dimensional Range Searchable Encryption 1 day, 16 hours ago | www.iacr.org
arrays efficiency encryption eprint report +9
Unconditional correctness of recent quantum algorithms for factoring and computing discrete logarithms 1 day, 16 hours ago | www.iacr.org
algorithm algorithms compute computing +11
NTRU-based FHE for Larger Key and Message Space 1 day, 16 hours ago | www.iacr.org
asiacrypt block building encryption +10
Vision Mark-32: ZK-Friendly Hash Function Over Binary Tower Fields 1 day, 16 hours ago | www.iacr.org
applications binary eprint report fast +13
Further Investigations on Nonlinear Complexity of Periodic Binary Sequences 1 day, 16 hours ago | www.iacr.org
binary complexities complexity eprint report +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs