i have a series of encrypted text , they encrypted by aes 256 bit cbc mode for every encrypted text
there is an iv that i have them also and i know its algorithm is aes 256 bit cbc mode
i can generate new encrypted values that i know what is plain text, but the iv would be different
i have something else named mac that i don't know what it is, it is 64 character in hex format
by the way i know the algorithm is for one of laravel plugins named elocryptfive can i do any attack on it to find key or decrypt values?
Asked
Active
Viewed 2,959 times
-4
m kak
- 1
- 1
- 2
1 Answers
3
TL;DR: Chances are there are no attacks against this scheme.
What you are describing sounds exactly like a chosen-plaintext attack, e.g. you can query an oracle to encrypt plaintexts of your choice (using the oracle's random IVs).
Now, this attack is already stopped by AES-CBC which is provably immune to this sort of attack. And furthermore it seems like you can't even mount more advanced attacks which would work against plain AES-CBC as a message authentication code (MAC) seems to be used and judging by your description it's probably HMAC-SHA256 (which gives 256 bit = 32 byte = 64 hex chars output). If these two are put together even somewhat decently (e.g. encrypt-then-MAC), then there's no chance you will learn anything about the key or any plaintexts you didn't query yourself.
That said, the implementation may have flaws (such as being vulnerable to padding attacks or actually not MAC'ing the data but only hashing it), may offer side-channels (because of a bad implementation of AES) or may be otherwise exploitable (standard software exploits circumventing the encryption).
SEJPM
- 46,697
- 9
- 103
- 214