david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

BEAST: An Explanation of the CBC Attack on TLS

posted July 2017

I made a video explaining the BEAST attack. As usual it's more of an overview so head over to something like this for more details.

Well done! You've reached the end of my post. Now you can leave me a comment :)


Good explanation! However one slight issue. BEAST doesn't involve a padding oracle. I think you might be thinking of POODLE. A padding oracle is something that takes a ciphertext as input, decrypts it, and if a padding error is encountered reports it back to the person who submitted the ciphertext. Thanks!


oh my of course! I need to fix this. Did I say it was a padding oracle in the video itself? I hope I didn't :)

Thanks for pointing this out Dan.