Question
Let's say that I have a server which encrypts information at the server side using ECB mode with a block size of 16. If the server appends data that I control with a secret and sends back the ciphertext, it is possible for me to figure out what the secret is by brute-forcing one character at a time.
Now let's consider a scenario where there is some secret data (say A) being prepended to my data (whose length I'm unaware of). There is also some other secret data (say B, whose length I'm also unaware of) appended to my data. This is then encrypted and sent back over to me. Is there any way I can figure out what "B" is?
Explanation / Answer
Yes, this is easy enough to exploit.
Start by sending any 15-byte message m, and then 256 different 16-byte messages consisting of m followed by each of the 256 possible values of the last byte.
One of the encrypted 16-byte messages will have the same first ciphertext block as the encryption of m. Find out which, and you've found the first byte of the secret!
Now, can you figure out how to repeat this to find the second byte of the secret, and so on?
For the second task, start by figuring out the length of the secret prefix. How would you do that? (Hint: Try changing the first byte of your message and seeing which ciphertext block changes. What does this tell you? How would you figure out the length of the prefix more precisely?)
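A local simulation of the oracle discussed above, added here as an example and not part of the original question or answer: it runs the one-byte-at-a-time block comparison against an ECB-style oracle, applies the "which block changes" hint to a prefixed oracle, and shows that the same probe recovers nothing once every message is encrypted under a fresh nonce. The key, the secrets `A` and `B`, all function names, and the HMAC-based stand-in for the block cipher are assumptions chosen so the code runs with only the standard library.

```python
import hashlib, hmac, os

BS = 16
KEY = os.urandom(16)           # server-side key, never seen by the client
A = b"constructed-prefix-A"    # constructed secret prefix (20 bytes)
B = b"constructed-secret-B"    # constructed secret suffix (20 bytes)

def _prf(data):
    # Assumption: stand-in for the block cipher (deterministic, keyed, 16-byte output)
    return hmac.new(KEY, data, hashlib.sha256).digest()[:BS]

def _blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_oracle(msg, prefix=b""):
    # Weak design: every block is encrypted independently and deterministically
    pt = prefix + msg + B
    pt += bytes([BS - len(pt) % BS]) * (BS - len(pt) % BS)   # PKCS#7 padding
    return b"".join(_prf(blk) for blk in _blocks(pt))

def randomized_oracle(msg, prefix=b""):
    # Hardened design: fresh nonce per message, counter-mode keystream, so
    # equal plaintext blocks no longer give equal ciphertext blocks
    pt, nonce = prefix + msg + B, os.urandom(BS)
    ks = b"".join(_prf(nonce + i.to_bytes(4, "big")) for i in range(len(pt) // BS + 1))
    return nonce + bytes(p ^ k for p, k in zip(pt, ks))

def recover_suffix(oracle):
    # Align the next unknown byte at the end of a block, then look for the
    # guess whose ciphertext block equals the target block
    known = b""
    while True:
        pad = b"X" * (BS - 1 - len(known) % BS)
        idx = len(known) // BS
        target = _blocks(oracle(pad))[idx]
        for g in range(256):
            if _blocks(oracle(pad + known + bytes([g])))[idx] == target:
                known += bytes([g])
                break
        else:
            return known[:-1]   # the last match was the 0x01 padding byte

def first_changed_block(oracle):
    # Change the first controlled byte and report the first block that differs;
    # under ECB this is len(prefix) // BS
    c1, c2 = _blocks(oracle(b"a")), _blocks(oracle(b"b"))
    return next(i for i, (x, y) in enumerate(zip(c1, c2)) if x != y)
```

In a real service the replacement for ECB would be an authenticated mode such as AES-GCM with a unique nonce per message, not this stand-in.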