Padding Oracles

Padding Oracles are a class of vulnerability that have been known since at least 1999, but yet are still not widely understood. This session provides a detailed overview of padding oracles, starting from the ground up. I argue that padding oracles are an excellent lens through which to understand the differences between confidentiality and integrity, and that too often that cryptographic protocols ignore the need for integrity, putting both the integrity and confidentiality of data at risk.

At the end of this presentation, a security engineer will be able to spot a padding oracle during a security review, and a software developer will have enough information to implement code that exhibits a padding oracles and a corresponding exploit for her own code.