|
|
|
|
|
|
by tptacek
617 days ago
|
|
|
I'm not sure what part of Signal you're referring to, but the Signal Protocol generally uses AEAD constructions. That aside: the kind of padding is not the issue; every serious system that uses CBC uses PKCS7 padding. The issue is the lack of authenticated ciphertext, which is what enables the attack. The authenticated scheme composing CBC and HMAC in an EtM arrangement is not susceptible to padding oracle attacks. There are other error and behavior oracles for other padding schemes, and for different block cipher modes. |
|
|