all InfoSec news
Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios
Nov. 24, 2023, 2:36 a.m. |
IACR News www.iacr.org
ePrint Report: Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios
Daniel Espinoza Figueroa
Let's consider a scenario where the server encrypts data using AES-CBC without authentication and then sends only the encrypted ciphertext through TLS (without IV). Then, having a padding oracle, we managed to recover the initialization vector and the sensitive data, doing a cybersecurity audit for a Chilean company.
aes attacks authentication ciphertext daniel data encrypt encrypted eprint report information oracle padding plaintext report scenario sensitive sensitive information server tls
More from www.iacr.org / IACR News
Regev Factoring Beyond Fibonacci: Optimizing Prefactors
1 day, 16 hours ago |
www.iacr.org
NTRU-based FHE for Larger Key and Message Space
1 day, 16 hours ago |
www.iacr.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cybersecurity Engineer
@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
Invoice Compliance Reviewer
@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
Technical Program Manager II - Compliance
@ Microsoft | Redmond, Washington, United States
Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence
@ Moonshot | Washington, District of Columbia, United States
Customer Engineer, Security, Public Sector
@ Google | Virginia, USA; Illinois, USA