Scribd
Upload
15 views1 page

Fake - c1 DK (c'1) XOR (Attack XOR IV) c1 XOR IV XOR Attack c1 XOR Attack

This document discusses cryptographic techniques including hash functions, message authentication codes (MACs), padding errors, and ciphertext block chaining (CBC) mode. It first describes how a hash function h(x) maps inputs of size 2n bits to outputs of size n bits, and how the hash of two inputs x1 and x2 can be computed as h(x1) XOR h(x2). It then explains how a MAC error or padding error attack can allow an attacker to determine the key K used for a MAC by observing two messages m1 and m2 that use the same key. Finally, it analyzes how a padding error attack can recover a password encrypted in CBC mode by

Uploaded by

airbatash
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views1 page

Fake - c1 DK (c'1) XOR (Attack XOR IV) c1 XOR IV XOR Attack c1 XOR Attack

This document discusses cryptographic techniques including hash functions, message authentication codes (MACs), padding errors, and ciphertext block chaining (CBC) mode. It first describes how a hash function h(x) maps inputs of size 2n bits to outputs of size n bits, and how the hash of two inputs x1 and x2 can be computed as h(x1) XOR h(x2). It then explains how a MAC error or padding error attack can allow an attacker to determine the key K used for a MAC by observing two messages m1 and m2 that use the same key. Finally, it analyzes how a padding error attack can recover a password encrypted in CBC mode by

Uploaded by

airbatash
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

h(x)

1n
2n/2
XOR
x1,x2

h(x1) XOR h(x2)

2n/2
h(x3)=1n

h(x3)

x3

2n

1/2n

Ek

m2=x2||x1 m1=x1||x2
x2
x1
K=x1 XOR x2 for both m1,m2.
Hk(m1)=Ek(x1) XOR Ek(x2)=Ek(x2) XOR Ek(x1)=Hk(m2).

x1||x2

Attack
MAC error
Attack

padding error

7-i
i

i
i-1

MacError
padding
MacError

(Attack XOR IV)||c'1


||c'2

c'1=Ek(c1 XOR IV), where c1=Ek(Username XOR IV)


c'2=Ek(c2 XOR c'1) where c2=Ek(Password XOR c1)
IV
fake_c1=Dk(c'1) XOR (Attack XOR IV)=c1 XOR IV XOR Attack=c1 XOR Attack
c1
fake_c1
c2=Dk(c'2) XOR c'1
fake_padding=Dk(c2) XOR fake_c1=(Password XOR c1) XOR fake_c1=
=Password XOR c1 XOR c1 XOR Attack=
=Password XOR Attack
password XOR attack

padding error
MAC

Single CBC Mode

CyberSecEx4 Page 1

You might also like