calofmijuck/blog
1
0
Fork 0
mirror of https://github.com/calofmijuck/blog.git synced 2025-12-06 14:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: fix all broken links

Browse Source
This commit is contained in:
Sungchan Yi
2024-11-12 22:47:01 +09:00
parent e1b1ec6fc5
commit c446506f4a
14 changed files with 36 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
_posts/lecture-notes/internet-security/2023-10-18-tls.md
View File

@@ -62,13 +62,13 @@ You can check if TLS is used on your browser. The address should begin with `htt
## CBC Padding Oracle Attack
Recall [CBC Mode (Internet Security)](./2023-09-18-symmetric-key-cryptography-2.md#cipher-block-chaining-mode-(cbc)) .
Recall [CBC Mode (Internet Security)](../2023-09-18-symmetric-key-cryptography-2/#cipher-block-chaining-mode-(cbc)) .
Suppose that each block has $8$ bytes. If the message size is not a multiple of the block size, we pad the message. If we need to pad $b$ bytes, we pad $b$ bytes with $b$, encoded in binary.
If the padding is not valid, the decryption algorithm outputs a *padding error* during the decryption process. The attacker can observe if a padding error has occurred, and use this information to recover the plaintext.
To defend this attack, we can use [encrypt-then-MAC (Modern Cryptography)](../modern-cryptography/2023-09-26-cca-security-authenticated-encryption.md#encrypt-then-mac-(etm)), or hide the padding error.
To defend this attack, we can use [encrypt-then-MAC (Modern Cryptography)](../../modern-cryptography/2023-09-26-cca-security-authenticated-encryption/#encrypt-then-mac-(etm)), or hide the padding error.
### Attack in Detail
@@ -114,7 +114,7 @@ $$
## Hashed MAC (HMAC)
Let $H$ be a has function. We defined MAC as $H(k \parallel m)$ where $k$ is a key and $m$ is a message. This MAC is insecure if $H$ has [Merkle-Damgård construction](../modern-cryptography/2023-09-28-hash-functions.md#merkle-damgård-transform), since it is vulnerable to length extension attacks. See [prepending the key in MAC is insecure (Modern Cryptography)](../modern-cryptography/2023-09-28-hash-functions.md#prepending-the-key).
Let $H$ be a has function. We defined MAC as $H(k \parallel m)$ where $k$ is a key and $m$ is a message. This MAC is insecure if $H$ has [Merkle-Damgård construction](../../modern-cryptography/2023-09-28-hash-functions/#merkle-damgård-transform), since it is vulnerable to length extension attacks. See [prepending the key in MAC is insecure (Modern Cryptography)](../../modern-cryptography/2023-09-28-hash-functions/#prepending-the-key).
Choose a key $k \leftarrow \mathcal{K}$, and set