I appreciate your efforts at actually elevating this discussion. Yes, I said something too general when I really was just trying to describe _this_ particular HTML-page encryption implementation.
You're right that its possible that an offline decryption algorithm could in fact be a padding oracle under the right scenario. But I still posit it probably doesn't apply to this static-HTML page generator.
You're right that its possible that an offline decryption algorithm could in fact be a padding oracle under the right scenario. But I still posit it probably doesn't apply to this static-HTML page generator.