Questions tagged [padding]
Padding has two primary uses in cryptography: ensuring messages are the proper length required by certain ciphers (e.g., block ciphers), or providing assurances not built into the core cipher (e.g., semantic security).
332 questions
1 vote, 2 answers, 225 views
PKCS7 padding theory vs practice
I understand that PKCS7 padding pads the remaining bytes to fill the block size with bytes whose value is the number of bytes needed. But when written in text format these bytes will output nonprintable ...
1 vote, 2 answers, 245 views
RSA: Construct PKCS #1 padding for given data string and cipher prefix
Let $n$, $e$ be an RSA public key. Let $k$ be the byte length of $n$. Hence, we have $2^{8(k-1)} \le n \lt 2^{8k}$.
A data string $DS$, consisting of $|DS|$ bytes, is encrypted as follows. First, a ...
3 votes, 3 answers, 1k views
Does the padding have to be invertible for MAC security?
I am taking the Online cryptography course by Dan Boneh.
There is a segment that talks about MAC Padding.
Padding is an act of appending bits to the last block of the message for the MAC constructed ...
2 votes, 1 answer, 121 views
Discordance with test-vector provided by NIST-FIPS-202
I am using the sha3-256 and sha3-512 hash functions that are implemented in this repo: https://github.com/PQClean/PQClean/tree/master in the part ../common/fips202.c.
To understand how they work I ...
0 votes, 0 answers, 79 views
Encrypting using Padbuster
I am trying to exploit the padding oracle vulnerability using Padbuster and it works
...
2 votes, 1 answer, 152 views
HMAC: IV=key instead of concatenation?
$$\text{HMAC}(K, m) = \text{H}((K' \oplus \mathbb{opad}) || \text{H}((K' \oplus \mathbb{ipad}) || m))\\K' =
\begin{cases}
\text{H}(K) & \text{if } K \text{ is larger than block size} \\
K & \...
1 vote, 0 answers, 82 views
Padding Oracle - Decrypted Text Decreasing
I am using the article "Oracle Padding Attack by Mahmoud Jadaan" to understand the padding oracle attack.
In my personal github project is the code that performs all the decryption ...
0 votes, 1 answer, 119 views
Why does the padding look for 0x1 in a Padding Oracle?
I have gone through this question but am still unable to grasp the concept of the Padding Oracle:
Padding Oracle: Why should padding be 0x01?
My question is if we say $P_i=D_k(C_i) \oplus \mathit{IV}$
Shouldn'...
0 votes, 0 answers, 76 views
Padding cannot be understood
I have AES CBC 128 bit code in hex (every 2 characters are one byte in hexadecimal representation).
...
1 vote, 1 answer, 206 views
Reverse engineering black box cryptography
I have a black box system that is doing some encryption that I need to reverse engineer so I can replicate it in new software. I know the input, the output, and the key. An example:
Plain text: ...
1 vote, 1 answer, 131 views
When padding is necessary for sponge collision resistance
Suppose I use a sponge hash construction with rate $r$, and I have two messages of lengths $\ell_0 r$ and $\ell_1 r$ for $\ell_0,\ell_1\geq0$, and they are not necessarily already correctly padded.
...
2 votes, 1 answer, 267 views
Why is the ciphertext output 32 bytes long when I encrypt a 16-byte plaintext using AES-128-CBC?
I am studying the AES algorithm; as far as I know, encrypting a 16-byte plaintext will result in a 16-byte ciphertext. But I got a different result when trying to encrypt a 16-byte plaintext using AES-...
1 vote, 1 answer, 125 views
Necessity of all three MD-Compliant padding conditions
For Merkle-Damgård hashing, MD-compliant padding is defined as any padding scheme satisfying:
$M$ is a prefix of $\text{Pad}(M)$
$|M_1|=|M_2|\Rightarrow |\text{Pad}(M_1)|=|\text{Pad}(M_2)|$
$|M_1|\...
2 votes, 0 answers, 60 views
Merkle-Damgård construction without MD compliant padding
Is there an easy example of a Merkle-Damgård constructed hash that does not have Merkle-Damgård compliant padding and is collision resistant?
Is there an example that does not have MD-compliant ...
1 vote, 0 answers, 94 views
Suffix-free padding scheme for hash function
I would like an easy-to-read proof that shows that it is sufficient for a padding scheme to be suffix-free for it to be collision resistant.
Whenever I have come across such a proof it always seems to ...