[Resource Topic] 2023/1790: Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios

Welcome to the resource topic for 2023/1790

Title:
Compromising sensitive information through Padding Oracle and Known Plaintext attacks in Encrypt-then-TLS scenarios

Authors: Daniel Espinoza Figueroa

Abstract:

Let’s consider a scenario where the server encrypts data using AES-CBC without authentication and then sends only the encrypted ciphertext through TLS (without IV). Then, having a padding oracle, we managed to recover the initialization vector and the sensitive data, doing a cybersecurity audit for a Chilean company.

ePrint: https://eprint.iacr.org/2023/1790

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.