fix: fixed internal, external links

2023-10-30 20:31:40 +09:00
parent 30a1a142d4
commit a8457d15c8
2 changed files with 4 additions and 4 deletions

View File

@@ -95,7 +95,7 @@ Thus we validate certificates by the following process. Suppose we received a ce
We will request the certificate of a root CA at the end. If everything went well, all the intermediate certificates will have been verified. Now we must verify the certificate of a root CA, but a root CA does not have any higher level CAs. We will request the certificate of a root CA at the end. If everything went well, all the intermediate certificates will have been verified. Now we must verify the certificate of a root CA, but a root CA does not have any higher level CAs.
Root CAs are decided publicly by the [CA/Browser forum](CABforum.org). Thus they are acknowledged by the public community, and we agree that root CAs can be trusted. Therefore, root CAs sign their own certificates. Root CAs are decided publicly by the [CA/Browser forum](https://cabforum.org/). Thus they are acknowledged by the public community, and we agree that root CAs can be trusted. Therefore, root CAs sign their own certificates.
In many web browsers, root CAs are whitelisted so that they are always trusted. In many web browsers, root CAs are whitelisted so that they are always trusted.
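Review bot: the rewritten link line still says root CAs are "decided publicly by the CA/Browser forum", which overstates the Forum's role and is worth correcting while the line is being touched. The CA/Browser Forum publishes the Baseline Requirements that CAs are audited against; whether a root is trusted is decided by each browser or OS vendor's root program, which is what the following line about browsers whitelisting roots actually describes. On the same line, "Therefore, root CAs sign their own certificates" does not follow from public acknowledgement. The reason is the one given in the preceding context line: a root has no higher-level CA to sign for it. Suggest rewording both sentences and capitalising "Forum".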

View File

@@ -61,13 +61,13 @@ You can check if TLS is used on your browser. The address should begin with `htt
## CBC Padding Oracle Attack ## CBC Padding Oracle Attack
Recall [CBC Mode (Internet Security)](2023-09-18-symmetric-key-cryptography-2.md#cipher-block-chaining-mode-cbc) . Recall [CBC Mode (Internet Security)](../2023-09-18-symmetric-key-cryptography-2#cipher-block-chaining-mode-cbc) .
Suppose that each block has $8$ bytes. If the message size is not a multiple of the block size, we pad the message. If we need to pad $b$ bytes, we pad $b$ bytes with $b$, encoded in binary. Suppose that each block has $8$ bytes. If the message size is not a multiple of the block size, we pad the message. If we need to pad $b$ bytes, we pad $b$ bytes with $b$, encoded in binary.
If the padding is not valid, the decryption algorithm outputs a *padding error* during the decryption process. The attacker can observe if a padding error has occurred, and use this information to recover the plaintext. If the padding is not valid, the decryption algorithm outputs a *padding error* during the decryption process. The attacker can observe if a padding error has occurred, and use this information to recover the plaintext.
To defend this attack, we can use [encrypt-then-MAC (Modern Cryptography)](2023-09-26-cca-security-authenticated-encryption.md#encrypt-then-mac-etm), or hide the padding error. To defend this attack, we can use [encrypt-then-MAC (Modern Cryptography)](../../modern-cryptography/2023-09-26-cca-security-authenticated-encryption#encrypt-then-mac-etm), or hide the padding error.
### Attack in Detail ### Attack in Detail
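Review bot: the line carrying the updated encrypt-then-MAC link still lists "or hide the padding error" as an equal alternative, and that mitigation should be qualified. Suppressing the error message alone can leave the padding check observable through other differences in behaviour, such as response timing, so the text should say that the receiver must be indistinguishable on bad padding, or simply recommend encrypt-then-MAC with the tag verified before any decryption. Also on that line, "To defend this attack" should read "To defend against this attack", and the CBC Mode link line above keeps a stray space before the full stop (`...cipher-block-chaining-mode-cbc) .`).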
@@ -113,7 +113,7 @@ $$
## Hashed MAC (HMAC) ## Hashed MAC (HMAC)
Let $H$ be a has function. We defined MAC as $H(k \parallel m)$ where $k$ is a key and $m$ is a message. This MAC is insecure if $H$ has [Merkle-Damgård construction](2023-09-28-hash-functions.md#merkle-damgard-transform), since it is vulnerable to length extension attacks. See [prepending the key in MAC is insecure (Modern Cryptography)](2023-09-28-hash-functions.md#prepending-the-key). Let $H$ be a has function. We defined MAC as $H(k \parallel m)$ where $k$ is a key and $m$ is a message. This MAC is insecure if $H$ has [Merkle-Damgård construction](../../modern-cryptography/2023-09-28-hash-functions#merkle-damg%C3%A5rd-transform), since it is vulnerable to length extension attacks. See [prepending the key in MAC is insecure (Modern Cryptography)](../../modern-cryptography/2023-09-28-hash-functions#prepending-the-key).
Choose a key $k \leftarrow \mathcal{K}$, and set Choose a key $k \leftarrow \mathcal{K}$, and set
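Review bot: the new anchor `#merkle-damg%C3%A5rd-transform` replaces `#merkle-damgard-transform`, so the link now depends on the site generator keeping the "å" in the heading slug rather than transliterating or dropping it. Please confirm against the rendered page that this fragment resolves, since a wrong fragment fails silently by landing at the top of the page. The same line still has the typo "Let $H$ be a has function" (should be "hash function"), and "has [Merkle-Damgård construction]" reads better as "uses the Merkle-Damgård construction".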