# Lab 5. Fundamentals Of Computer Security

## Mustafin Timur

## Crypto basics 1

### Round 0

**AddRoundKey**:

|00|00|00|00|
|-|-|-|-|
|00|00|00|00|
|00|00|00|00|
|00|00|00|00|

### Round 1

**SubBytes**:

|63|63|63|63|
|-|-|-|-|
|63|63|63|63|
|63|63|63|63|
|63|63|63|63|

**ShiftRows**:

|63|63|63|63|
|-|-|-|-|
|63|63|63|63|
|63|63|63|63|
|63|63|63|63|

**MixColumns**:

|63|63|63|63|
|-|-|-|-|
|63|63|63|63|
|63|63|63|63|
|63|63|63|63|

**AddRoundKey**:

|8B|74|8B|74|
|-|-|-|-|
|8A|75|8A|75|
|8A|75|8A|75|
|8A|75|8A|75|

Using this [cool thing](https://www.nayuki.io/page/aes-cipher-internals-in-excel)

## Crypto basics 2

A Padding Oracle Attack assumes you have a ciphertext and some way to determine whether the padding (the last bytes) of a block is correct. Some implementations return an error (an HTTP 500 code caused by an uncaught exception) when the padding is wrong, and that error is the oracle an attacker uses.

![](https://i.imgur.com/YpU7M3X.png)

Knowing the padding rule, we can decrypt the ciphertext by brute-forcing it byte by byte and stopping whenever the checker says "correct".

A "CBC Byte Flipping Attack" is an attack in which a cryptanalyst flips bits in the ciphertext and predicts the resulting change in the plaintext. It works because the blocks are chained with a simple XOR, so an attacker may change a boolean value such as `var=1` in the plaintext by changing one byte in the ciphertext.

## Crypto basics 3

_Compute the output of the first round of AES to the input W and the subkeys W0, . . . , W7:_

|F4|06|C8|29|
|-|-|-|-|
|DA|96|AD|25|
|D5|61|9E|1E|
|0A|FC|6C|74|

_Compute the output of the first round of AES for the case that all input bits are zero (using the same key)._

|_DC_|06|C8|29|
|-|-|-|-|
|_CE_|96|AD|25|
|_C1_|61|9E|1E|
|_36_|FC|6C|74|

_How many output bits have changed?_

9 bits have changed. Only the first column differs:

| Output for input W | Output for all-zero input |
|-|-|
| F4 = 1111 0100 | DC = 1101 1100 |
| DA = 1101 1010 | CE = 1100 1110 |
| D5 = 1101 0101 | C1 = 1100 0001 |
| 0A = 0000 1010 | 36 = 0011 0110 |

## Crypto basics 4

Round constant 10 is only used in AES-128: 0x36

Round constant 8 may be used in AES-128 and AES-192: 0x80
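As an added check (my code, not from the lab report), here is a small pure-Python AES-128 first round plus key schedule that re-derives the Round 1 table from Crypto basics 1 and the Rcon values from Crypto basics 4. It assumes the report used plaintext = key = sixteen 0xFF bytes, the only choice that gives an all-zero Round 0 state and the 8B/74/8A/75 pattern; all function names are mine.

```python
# Added check, not code from the lab report: pure-Python AES-128 first round and key
# schedule. Assumption: the report's plaintext and key are both sixteen 0xFF bytes.

def xtime(b):  # multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gmul(a, b):  # shift-and-add multiplication in GF(2^8)
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), xtime(a), b >> 1
    return r

def sbox_entry(x):  # multiplicative inverse (x^254, and 0 -> 0), then the AES affine map
    inv = 1
    for _ in range(254):
        inv = gmul(inv, x)
    s = inv
    for _ in range(4):  # s = inv ^ rotl1(inv) ^ ... ^ rotl4(inv), then ^ 0x63
        inv = ((inv << 1) | (inv >> 7)) & 0xFF
        s ^= inv
    return s ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
def rcon(i):  # Rcon[i] = x^(i-1); AES-128 consumes i = 1..10, AES-192 i = 1..8, AES-256 i = 1..7
    r = 1
    for _ in range(i - 1):
        r = xtime(r)
    return r

def expand_key_128(key):  # AES-128 key schedule: 11 round keys as 16-byte lists
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # every 4th word: RotWord, SubWord, then xor Rcon[i / 4]
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon(i // 4)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [[b for word in w[4 * k:4 * k + 4] for b in word] for k in range(11)]

def aes_round_1(plaintext, key):  # Round 0 AddRoundKey + full Round 1, returned as 4 rows
    rk = expand_key_128(key)
    s = [p ^ k for p, k in zip(plaintext, rk[0])]                       # AddRoundKey
    s = [SBOX[b] for b in s]                                            # SubBytes
    s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
    s = [gmul(2, s[4 * c + r]) ^ gmul(3, s[4 * c + (r + 1) % 4])        # MixColumns
         ^ s[4 * c + (r + 2) % 4] ^ s[4 * c + (r + 3) % 4]
         for c in range(4) for r in range(4)]
    s = [a ^ b for a, b in zip(s, rk[1])]                               # AddRoundKey
    return [[s[r + 4 * c] for c in range(4)] for r in range(4)]         # byte (r, c) at r + 4c
```

`aes_round_1([0xFF] * 16, [0xFF] * 16)` reproduces the report's last table row by row, and `aes_round_1([0] * 16, [0] * 16)` shows how different the all-zero case is (a single 01 in each column).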