Editing Block cipher (section)
==Padding==
{{Main|Padding (cryptography)}}
Some modes such as the CBC mode only operate on complete plaintext blocks. Simply extending the last block of a message with zero bits is insufficient since it does not allow a receiver to easily distinguish messages that differ only in the number of padding bits. More importantly, such a simple solution gives rise to very efficient [[padding oracle attack]]s.<ref name="padding-attack">{{cite book|author=Serge Vaudenay|title=Advances in Cryptology – EUROCRYPT 2002 |chapter=Security Flaws Induced by CBC Padding – Applications to SSL, IPSEC, WTLS |series=Lecture Notes in Computer Science |volume=2332 |issue=2332|pages=534–545|publisher=Springer Verlag|year=2002 |doi=10.1007/3-540-46035-7_35 |isbn=978-3-540-43553-2 }}</ref> A suitable [[padding (cryptography)|padding scheme]] is therefore needed to extend the last plaintext block to the cipher's block size. While many popular schemes described in standards and in the literature have been shown to be vulnerable to padding oracle attacks,<ref name="padding-attack"/><ref name="oz-pad">{{cite book|author1=Kenneth G. Paterson|author2=Gaven J. Watson|title=Security and Cryptography for Networks |chapter=Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment |series=Lecture Notes in Computer Science |volume=5229|issue=5229|pages=340–357|publisher=Springer Verlag|year=2008|doi=10.1007/978-3-540-85855-3_23|isbn=978-3-540-85854-6 }}</ref> a solution that adds a one-bit and then extends the last block with zero-bits, standardized as "padding method 2" in ISO/IEC 9797-1,<ref name="iso-iec 9797-1">{{citation|title=ISO/IEC 9797-1: Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher|publisher=ISO/IEC|year=2011|url=http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=50375}}</ref> has been proven secure against these attacks.<ref name="oz-pad"/>
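The following added example (not part of the article or of ISO/IEC 9797-1 itself) shows why plain zero padding is ambiguous and how padding method 2 (a single 1 bit, then zero bits to the block boundary) stays invertible; it assumes byte-aligned messages and a constructed 16-byte block size.

```python
"""Zero padding beside ISO/IEC 9797-1 padding method 2 (constructed example)."""

BLOCK_SIZE = 16  # assumed block size in bytes (AES); a constructed choice


def zero_pad(msg: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Naive padding: append zero bytes up to a multiple of block_size.
    Not invertible: trailing zeros of the message and of the padding merge."""
    return msg + b"\x00" * (-len(msg) % block_size)


def iso9797_pad_method2(msg: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Padding method 2: one 1 bit (0x80 on byte-aligned data) followed by the
    fewest zero bits that reach a block boundary. At least one byte is always
    added, so the receiver never has to guess whether padding is present."""
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % block_size)


def iso9797_unpad_method2(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip method-2 padding; raises ValueError on malformed input. In a real
    protocol an authentication tag is checked before this runs, so the error
    is never observable to a remote party (that is what blocks padding oracles)."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    # The 0x80 marker must exist and must lie inside the final block.
    if not stripped or stripped[-1] != 0x80 or len(padded) - len(stripped) >= block_size:
        raise ValueError("padding marker not found in final block")
    return stripped[:-1]


def has_valid_method2_padding(padded: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """Boolean view of the unpad check, for use in tests."""
    try:
        iso9797_unpad_method2(padded, block_size)
        return True
    except ValueError:
        return False


def zero_padding_is_ambiguous() -> bool:
    """Two distinct constructed messages collapse onto the same block under zero
    padding but remain distinct under method 2."""
    a, b = b"data", b"data\x00\x00"
    return zero_pad(a) == zero_pad(b) and iso9797_pad_method2(a) != iso9797_pad_method2(b)
```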