Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In the same sense that modern vulnerability research is in large part the study of leveraging the smallest possible memory corruption bug to obtain remote code execution, modern practical cryptanalysis is the study of leveraging the smallest possible unexpected behavior of any sort to full breaks in both confidentiality and integrity.

By way of example: you could "weaken" an RNG so that where a construction expects a 256 bit nonce, you generate only 255 secure bits. If that construction is ECDSA, there's a good chance you've managed to disclose to attackers your signing private key. You could "weaken" a protocol so that attackers can replace an original plaintext with 16 uniform random bits. If the protocol is using CBC mode, you've allowed attackers to recover whole plaintexts.

There aren't a lot of errors that get routinely made in crypto code that don't have devastating consequences.



> You could "weaken" a protocol so that attackers can replace an original plaintext with 16 uniform random bits. If the protocol is using CBC mode, you've allowed attackers to recover whole plaintexts.

Do you have a link explaining this?


I'm describing the CBC padding oracle attack.

I'm surprised this is the thing you want the link for, and not "1 biased bit destroys the security of a 256 bit nonce where the other 255 bits come from secure random".


> I'm describing the CBC padding oracle attack.

Ah! Wouldn't that be "attackers can replace an original ciphertext with two chosen blocks"?

> I'm surprised this is the thing you want the link for, and not "1 biased bit destroys the security of a 256 bit nonce where the other 255 bits come from secure random".

IIRC the link for that is in your hiring post!




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: