Tampering With Encrypted Files: A CBC Mode Vulnerability
Tamper with a CBC-encrypted HTML file: replace `<html>` in the 2nd plaintext block with `:)` by modifying the 1st ciphertext block, then decrypt with OpenSSL.
Just like in yesterday's tutorial, I want to demonstrate a bitflip attack on an AES-CBC encrypted ciphertext. This time, instead of changing the first plaintext block by tampering with the IV, we'll change the second plaintext block by tampering with the first ciphertext block. To follow along, you'll need a shell on a *nix system, the OpenSSL command line utility, hexdump, dd and basenc (which is part of GNU coreutils). The attack doesn't depend on the block cipher (although I'll be using the fact that AES has a block size of 128 bits) but only on the mode of operation, which is CBC. For an introduction to CBC, take a l...
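The CBC mechanics described above, as an added Python example that is not part of the original post. Because the effect depends only on the mode, the block cipher here is a stand-in 4-round Feistel built from HMAC-SHA256 rather than AES; the keys, IV, sample HTML and the space padding after `:)` are constructed, and the HMAC check over IV and ciphertext is an added encrypt-then-MAC defense.

```python
import hashlib
import hmac

BS = 16  # block size in bytes, matching AES's 128 bits

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BS // 2]

def block_encrypt(key, blk):
    # Stand-in 128-bit block cipher (assumption: NOT AES, demo only)
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv  # demo input is block-aligned, so no padding
    for i in range(0, len(pt), BS):
        prev = block_encrypt(key, _xor(pt[i:i + BS], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    # P_i = D(C_i) XOR C_{i-1}, with C_{-1} = IV
    blocks = [iv] + [ct[i:i + BS] for i in range(0, len(ct), BS)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))

def tamper(ct, pt_pos, old, new):
    # XOR (old ^ new) into the ciphertext byte one block before plaintext offset pt_pos
    pos, delta = pt_pos - BS, _xor(old, new)
    return ct[:pos] + _xor(ct[pos:pos + len(delta)], delta) + ct[pos + len(delta):]

def mac(mac_key, iv, ct):
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def demo():
    key, mac_key, iv = b"K" * 16, b"M" * 16, bytes(16)  # constructed values
    pt = b"<!DOCTYPE html>\n<html><body>hi</body></html>\n   "  # 3 blocks
    ct = cbc_encrypt(key, iv, pt)
    good_tag = mac(mac_key, iv, ct)
    bad = tamper(ct, 16, b"<html>", b":)    ")  # edits 1st ciphertext block
    mac_ok = hmac.compare_digest(good_tag, mac(mac_key, iv, bad))
    return pt, cbc_decrypt(key, iv, ct), cbc_decrypt(key, iv, bad), mac_ok
```

The second plaintext block changes exactly as chosen while the first decrypts to garbage, and the MAC comparison fails, which is why the tag must be verified before any decryption takes place.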