The 2010 Pwnie Nominee For Most Innovative Research

Practical Padding Oracle Attacks

Author: Juliano Rizzo, Thai Duong

The padding oracle attack is a powerful crypto attack against CBC-mode encryption. By giving an oracle which on receipt of a ciphertext, decrypting it and then replying to the sender whether the padding is correct or not, it is possible to efficiently decrypt data without knowing the encryption key. In their research Juliano and Thai used this crypto attack to create a whole new set of practical web hacking techniques.