Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Padding oracle attack
open-in-new
<p> In cryptography, a padding oracle attack is an attack which uses the <a href="/facts/Padding_(cryptography)/okxl18q9">padding</a> validation of a cryptographic message to decrypt the ciphertext. In cryptography, variable-length plaintext messages often have to be padded (expanded) to be compatible with the underlying <a href="/facts/Cryptographic_primitive/fy6vq5YM">cryptographic primitive</a>. The attack relies on having a "padding <a href="/facts/Oracle_machine/6ScMuvvY">oracle</a>" who freely responds to queries about whether a message is correctly padded or not. The information could be directly given, or leaked through a <a href="/facts/Side-channel_attack/2B1dfBty">side-channel</a>. </p><p>The earliest well-known attack that uses a padding oracle is <a href="/facts/Adaptive_chosen-ciphertext_attack/SCKGPjI6">Bleichenbacher's attack</a> of 1998, which attacks <a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a> with <a href="/facts/PKCS_1/I6JD53RG">PKCS #1 v1.5</a> padding. The term "padding oracle" appeared in literature in 2002, after <a href="/facts/Serge_Vaudenay/I0gArgAK">Serge Vaudenay</a>'s attack on the <a href="/facts/CBC_mode_of_operation/vIUabB2z">CBC mode decryption</a> used within symmetric <a href="/facts/Block_cipher/MJywAyfQ">block ciphers</a>. Variants of both attacks continue to find success more than one decade after their original publication. </p>