Eli Sohl

Exploiting Noisy Oracles with Bayesian Inference

In cryptographic attacks, we often rely on abstracted information sources which we call “oracles”. Classic examples include the RSA parity oracle attack, which depends on an oracle disclosing the least-significant bit of a ciphertext’s decryption; Bleichenbacher’s attack on PKCS#1v1.5 RSA padding, which depends on an oracle for whether a given…

Read more

June 23, 2023

10 mins read

Read more

Announcing NCC Group’s Cryptopals Guided Tour: Set 2

Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the second in a series of eight installments (previously) covering the solutions to the Cryptopals Crypto Challenges. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks…

Read more

Announcing NCC Group’s Cryptopals Guided Tour!

Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the first in a series of eight installments covering the solutions to the Cryptopals Crypto Challenges. These have been a long time coming, and we’re excited to finally start bringing them to you. For those who don’t know,…

Read more

December 10, 2021

6 mins read

Read more

Cryptopals: Exploiting CBC Padding Oracles

This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you’ve done the Cryptopals cryptography challenges, you’ll remember it as challenge 17. This is a famous and elegant attack. With it, we will see how even a small data leak (in this case, the presence…

Read more

February 17, 2021

12 mins read

Read more