RE & For & Crypto

AES-CBC: Key=IV insecure

Last updated 3 years ago

This is insecure, since the key can be recovered.

Example:

Applications sometimes use the key as an IV on the auspices that both the sender and the receiver have to know the key already, and can save some space by using it as both a key and an IV.

Using the key as an IV is insecure; an attacker that can modify ciphertext in flight can get the receiver to decrypt a value that will reveal the key.

The CBC code from exercise 16 encrypts a URL string. Verify each byte of the plaintext for ASCII compliance (i.e., look for high-ASCII values). Noncompliant messages should raise an exception or return an error that includes the decrypted plaintext (this happens all the time in real systems, for what it's worth).

Use your code to encrypt a message that is at least 3 blocks long:

AES-CBC(P_1, P_2, P_3) -> C_1, C_2, C_3

Modify the message (you are now the attacker):

C_1, C_2, C_3 -> C_1, 0, C_1

Decrypt the message (you are now the receiver) and raise the appropriate error if high-ASCII is found.

As the attacker, recovering the plaintext from the error, extract the key:

P'_1 XOR P'_3

Source: https://cryptopals.com/sets/4/challenges/27
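To make the exercise above concrete from the defender's side, here is an added worked example written for this page in Go using only the standard library; it is not code from Cryptopals or from this book, and the function names, the demo key `YELLOW SUBMARINE` and the message are constructed for illustration. It builds the receiver the challenge describes (key reused as IV, error path that echoes the decrypted plaintext), runs the C_1, 0, C_1 substitution against it to confirm that P'_1 XOR P'_3 equals the key, and then runs the same substitution against a receiver that uses a fresh random IV per message to show that the attacker then learns nothing beyond the IV that was already on the wire.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad pads to a whole number of 16-byte blocks.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates and strips the padding (CryptBlocks already guarantees whole blocks).
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty plaintext")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbc runs AES-CBC in either direction; the caller supplies the IV.
func cbc(key, iv, in []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// ErrHighASCII is the leaky error path the challenge describes: it carries the decrypted bytes.
type ErrHighASCII struct{ Plaintext []byte }
func (e *ErrHighASCII) Error() string { return fmt.Sprintf("non-ASCII plaintext: %q", e.Plaintext) }

// checkASCII rejects high-ASCII bytes (leaking the plaintext) and otherwise strips the padding.
func checkASCII(pt []byte) ([]byte, error) {
	for _, b := range pt {
		if b >= 0x80 {
			return nil, &ErrHighASCII{Plaintext: pt}
		}
	}
	return pkcs7Unpad(pt)
}

// receiverKeyAsIV is the vulnerable receiver: IV = key.
func receiverKeyAsIV(key, ct []byte) ([]byte, error) {
	return checkASCII(cbc(key, key, ct, false))
}

// receiverRandomIV is the fixed receiver: it expects IV || ciphertext, with a fresh IV per message.
func receiverRandomIV(key, ivct []byte) ([]byte, error) {
	return checkASCII(cbc(key, ivct[:aes.BlockSize], ivct[aes.BlockSize:], false))
}

// recoverFromOracle submits C_1, 0, C_1 and XORs the leaked P'_1 and P'_3 (the key if IV = key, else just the IV).
func recoverFromOracle(ct []byte, oracle func([]byte) ([]byte, error)) ([]byte, error) {
	if len(ct) < 3*aes.BlockSize {
		return nil, errors.New("need at least 3 blocks")
	}
	c1 := ct[:aes.BlockSize]
	_, err := oracle(append(append(append([]byte{}, c1...), make([]byte, aes.BlockSize)...), c1...))
	var leak *ErrHighASCII
	if !errors.As(err, &leak) {
		return nil, errors.New("receiver did not leak the plaintext")
	}
	out := make([]byte, aes.BlockSize)
	for i := range out {
		out[i] = leak.Plaintext[i] ^ leak.Plaintext[2*aes.BlockSize+i]
	}
	return out, nil
}

func main() {
	key := []byte("YELLOW SUBMARINE") // constructed demo key
	msg := []byte("comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon")
	// Vulnerable scheme: the tampered message leaks P'_1 XOR P'_3 = key.
	got, err := recoverFromOracle(cbc(key, key, pkcs7Pad(msg), true), func(c []byte) ([]byte, error) { return receiverKeyAsIV(key, c) })
	fmt.Printf("key as IV: attacker recovers %q (err=%v)\n", got, err)
	// Fixed scheme: the same trick yields only the IV, which is sent in the clear anyway.
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	got, err = recoverFromOracle(cbc(key, iv, pkcs7Pad(msg), true), func(c []byte) ([]byte, error) { return receiverRandomIV(key, append(append([]byte{}, iv...), c...)) })
	fmt.Printf("random IV: attacker learns %x, equal to IV: %v (err=%v)\n", got, bytes.Equal(got, iv), err)
}
```

Two defects combine in the vulnerable receiver: the key doubles as the IV, and the error path hands decrypted bytes back to the sender. Moving to a per-message random IV (as `receiverRandomIV` does) is what stops the key recovery, but the receiver still discloses decrypted data on malformed input; the usual remedy is authenticated encryption (AES-GCM, or CBC with an HMAC verified before decryption) so that tampered ciphertext is rejected before anything is decrypted, together with error messages that never echo plaintext.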