Practical Padding Oracle Attacks on RSA

Authors
Publication date
1 January 2012
Publisher
Hackin9, IT Security Magazine

Abstract

We revise attacks on the RSA cipher based on side-channels that leak partial information about the plaintext. We show how to compute a plaintext when only its parity is leaked. We then describe PKCS#1 v1.5 padding for RSA and we show that the simple leakage of padding errors is enough to recover the whole plaintext, even when it is unpadded or padded under another scheme. This vulnerability is well-known since 1998 but the flawed PKCS#1 v1.5 padding is still broadly in use. We discuss recent optimizations of this padding oracle attack that make it effective on commercially available cryptographic devices

    Similar works

    Full text

    thumbnail-image

    Available Versions

    Archivio istituzionale della ricerca - Università degli Studi di Venezia Ca' Foscari

    redirect
    oaioai:iris.unive.it:10278/35298
    Last time updated on 09/08/2019

    Name not available

    redirect
    oaioai:iris.unive.it:10278/35298
    Last time updated on 12/11/2016

    Archivio Istituzionale della Ricerca

    redirect
    oaioai:iris.unive.it:10278/35298
    Last time updated on 10/04/2020

    Archivio Ricerca Ca'Foscari

    redirect
    oaioai:iris.unive.it:10278/35298
    Last time updated on 15/06/2016