SomMeri/matasano-cryptopals-solutions

Might have misunderstood challenge 14

Opened this issue · 1 comments

As I understand from your challenge 14 docs you're just asking the server again for ciphertext until you see three consecutive blocks, i.e. until the prepended random blob is blocksize long.

But I think (though not sure) you misunderstood challenge 14 and it's a bit harder than you thought.

> Now generate a random count of random bytes and prepend this string to every plaintext.

As I understand it, you should:

  1. Generate a random count of random bytes.
  2. Prepend this string (always the same!) to every plaintext. Just like the key is shared for all runs.

I was confused just like you, but I noticed...

AES-128-ECB(random-prefix || attacker-controlled || target-bytes, random-key)

...uses the same notation (random-) both for prefix and for key which suggests both are, in fact, fixed throughout all encryptions. I think that the fact that it makes the challenge (slightly) harder reinforces the idea.

Of course I might be wrong and maybe you got it right, but I still thought I should ping you in case you were interested in revisiting the challenge :)

Interesting, your reading is probably right. That basically means that the "server's prefix is NOT divisible by 16" case should be solved differently; re-sending the same input will not help. The new exercise really is somewhat more interesting.

Thank you for pinging me. For now, I just updated the javadoc with a warning and a link to this issue, so that future readers know about the difference.
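
The fixed-prefix reading discussed in this thread, as an added Java example that is not code from this repository: a constructed local oracle keeps one key and one prefix for every call, the alignment is found with two different filler bytes so that a prefix or target byte equal to the filler cannot fake a match, and the usual byte-at-a-time recovery follows. The class name, method names and sample target are assumptions.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
// Added illustration; class, method names and TARGET are hypothetical, not from the repository.
public class FixedPrefixEcb {
    static final int BS = 16;
    // Constructed oracle state: key and prefix are drawn once and reused for every call.
    static final byte[] KEY = rand(BS), PREFIX = rand(1 + (int) (Math.random() * 40));
    static final byte[] TARGET = "constructed sample secret".getBytes();
    static byte[] rand(int n) { byte[] b = new byte[n]; new java.security.SecureRandom().nextBytes(b); return b; }
    static byte[] oracle(byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        return c.doFinal(ByteBuffer.allocate(PREFIX.length + in.length + TARGET.length)
                .put(PREFIX).put(in).put(TARGET).array());
    }
    static byte[] block(byte[] ct, int i) { return Arrays.copyOfRange(ct, i * BS, (i + 1) * BS); }
    static int dup(byte[] ct) { // index of the first of two identical adjacent blocks, or -1
        for (int i = 0; i + 1 < ct.length / BS; i++)
            if (Arrays.equals(block(ct, i), block(ct, i + 1))) return i;
        return -1;
    }
    // Returns {pad, start}: pad bytes round the prefix up to a block boundary; start is the first block we own.
    static int[] align() throws Exception {
        for (int pad = 0; pad < BS; pad++) {
            byte[] a = new byte[pad + 2 * BS], b = a.clone();
            Arrays.fill(b, (byte) 1); // second filler value: the match must hold for both
            int i = dup(oracle(a));
            if (i >= 0 && i == dup(oracle(b))) return new int[]{pad, i};
        }
        throw new IllegalStateException("no alignment found");
    }
    static byte[] recover() throws Exception {
        int[] al = align();
        byte[] known = new byte[0];
        while (true) {
            int pad = al[0], start = al[1], n = known.length, k = Math.min(n, BS - 1), g = -1;
            byte[] want = block(oracle(new byte[pad + BS - 1 - n % BS]), start + n / BS);
            byte[] probe = new byte[pad + BS]; // pad, zero fill, last k known bytes, then the guess
            System.arraycopy(known, n - k, probe, pad + BS - 1 - k, k);
            do probe[pad + BS - 1] = (byte) ++g;
            while (g < 256 && !Arrays.equals(block(oracle(probe), start), want));
            if (g == 256) return Arrays.copyOf(known, n - 1); // padding shifted: drop the 0x01 byte
            known = Arrays.copyOf(known, n + 1);
            known[n] = (byte) g;
        }
    }
    public static void main(String[] x) throws Exception { System.out.println(new String(recover())); }
}
```

The prefix length follows from the alignment result as `start * 16 - pad`; once it is known, the problem reduces to the prefix-free byte-at-a-time case shifted by `start` blocks.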