Padding oracle CBC

Question

Padding oracle CBC

Closed this issue 8 years ago · 1 comments

This of course won't let us recover the first block, but this can't be helped.

Usually the fist block of cypher text is IV, so the algorithm can recover the first block of plain text too, if it doesn't exceed the maximum length of padding.

Answer 1 · 2016-09-19T09:40:52.000Z

Of course if we can influence the IV we can recover the whole plaintext including the first block, there is nothing special about it, but this requires particular conditions. In general case we the first block of ciphertext can't be decrypted.

It works in the special case you mentioned - if the IV is actually passed as first block :)