The learning objective of this lab is for students to get a hands-on
experience on an interesting attack on crypto systems.
Some systems, when decrypting a given ciphertext,
verify whether the padding is valid or not,
and throw an error if the padding is invalid. This
seemly-harmless behavior enables a type of attack
called padding oracle attack.
Many well-known systems were found vulnerable to this attack,
including Ruby on Rails, ASP.NET, and OpenSSL.
In this lab, students are given two oracle servers running inside
a container. Each oracle has a secret message hidden inside,
and it lets you know the ciphertext and the IV. Moreover,
for any ciphertext provided by you, it tells you whether
the padding is valid or not.
Your job is to use the response from
the oracle to figure out the content of the secret message.
Please give us your feedback on this lab using this feedback form. | |
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs. |