/plushcap/analysis/cloudflare/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites

Padding oracles and the decline of CBC-mode cipher suites

What's this blog post about?

Cipher block chaining (CBC) has been widely used in cryptography but has proven difficult to use safely. Recent trends in the adoption of secure ciphers by web clients have helped reduce the web's reliance on this technology. One solution to the issues with CBC is AEAD (Authenticated Encryption with Associated Data), which combines a stream cipher and an authentication step along the way rather than computing the MAC at the end. CloudFlare implements two such cipher modes, AES-GCM and ChaCha20-Poly1305. Adoption of AEAD cipher modes in clients is growing, with most modern browsers and operating systems supporting at least one AEAD cipher suite in their TLS software.

Company
Cloudflare

Date published
Feb. 12, 2016

Author(s)
Nick Sullivan

Word count
2755

Language
English

Hacker News points
63


By Matt Makai. 2021-2024.