[cybergibbons]

I've added a section on padding oracle attacks towards the bottom.

I don't think there's a significant different in ease of understanding between most of the modes. I used CBC as it's one of the most common and familiar modes, and because it's where I have seen this issue many times. I don't see CTR used in the wild very often.

I also tend to use CBC for other demos as well, so it makes things consistent.

[tptacek]

For the benefit of the thread: the variant of the CBC bitflipping attack that applies to the more common CTR stream cipher mode is: you simply XOR in whatever data you want, directly to the bytes you want to alter, and that's the end of the attack.