Effective CISSP Questions

As the length of plaintext messages is variable, the last block of a message is typically padded (expanded) per a certain padding scheme to be the same size as the underlying cipher block. Which of the following block cipher modes of operation is most likely subject to a padding oracle attack or a POODLE attack? (Wentz QOTD)
A. Counter (CTR)
B. Cipher block chaining (CBC)
C. Cipher feedback (CFB)
D. Output feedback (OFB)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Cipher block chaining (CBC).

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

A block cipher is a cryptographic algorithm operating on fixed-length blocks of bits. As a block has a fixed length and messages are variable in length, padding is required, which adds data to the beginning, middle, or end of a message prior to encryption.

  • “In cryptography, a padding oracle attack is an attack which uses the padding validation of a cryptographic message to decrypt the ciphertext.” (Wikipedia)
  • “The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.” (Wikipedia)

Modes of Operation

There are various modes of operation designed to apply the cryptographic algorithm to enhance confidentiality, e.g., Cipher block chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), Counter (CTR), etc.

Secret Key: CBC and ECB

The CBC (and ECB) mode encrypts plaintext into ciphertext using the secret key; it requires padding.

Cipher block chaining (CBC)

Keystream: Cipher in Feedback or Counter Mode

However, a block cipher in feedback (CFB and OFB) or counter mode is used to generate a keystream, which is then used to encrypt the plaintext; the cipher does not encrypt the plaintext directly. A cipher using a keystream can handle plaintext of variable length and doesn’t require padding; the keystream works much the same as that used by a stream cipher. Please be aware that the cipher in feedback or counter modes accepts the IV or counter as its input, not the plaintext.

Cipher feedback (CFB)
Output feedback (OFB)
Counter (CTR)
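
The contrast between the two families, as an added Python example that is not from the original post: a block-mode input must be padded and the padding validated after decryption, while a keystream mode produces ciphertext of exactly the plaintext length with no padding to check. PKCS#7 is assumed as the padding scheme, HMAC-SHA256 stands in for the block cipher in the counter-style keystream (the Python standard library has no AES), and the key, nonce and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (the AES block size)

def pkcs7_pad(msg: bytes) -> bytes:
    """Pad to a multiple of BLOCK; an already aligned message gains a full block."""
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def pkcs7_unpad(padded: bytes) -> bytes:
    """Validate and strip padding. This check runs on decrypted CBC/ECB data,
    and its pass/fail outcome is what a padding oracle leaks."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("invalid padding")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def padding_is_valid(padded: bytes) -> bool:
    try:
        pkcs7_unpad(padded)
        return True
    except ValueError:
        return False

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-style mode: the keyed function sees only nonce||counter, never
    the plaintext. HMAC-SHA256 is a stand-in for the block cipher (assumption)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        counter = (i // BLOCK).to_bytes(8, "big")
        ks = hmac.new(key, nonce + counter, hashlib.sha256).digest()[:BLOCK]
        out += bytes(p ^ k for p, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)

if __name__ == "__main__":
    key, nonce = b"constructed-key!", b"nonce-01"  # constructed sample values
    for msg in (b"pay 100", b"sixteen byte msg", b"a message longer than one block"):
        padded = pkcs7_pad(msg)
        ct = keystream_xor(key, nonce, msg)  # XOR with the same keystream decrypts
        assert pkcs7_unpad(padded) == msg and keystream_xor(key, nonce, ct) == msg
        print(len(msg), "bytes -> block-mode input", len(padded), "| keystream ciphertext", len(ct))
    tampered = pkcs7_pad(b"pay 100")[:-1] + b"\x00"
    print("tampered padding accepted:", padding_is_valid(tampered))
```
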


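Because message length varies, the last block of the plaintext is usually padded (expanded) according to a specific padding scheme to the same size as the underlying cipher block. Which of the following block cipher modes of operation is most likely to be subject to a padding oracle attack or a POODLE attack? (Wentz QOTD)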
A. Counter (CTR)
B. Cipher block chaining (CBC)
C. Cipher feedback (CFB)
D. Output feedback (OFB)
