Eric Rafaloff

CBC Padding Oracle Visualized

The following image visualizes how the CBC padding oracle attack works, and aims to provide an intuitive sense for why padding information is leaked when a chosen-ciphertext attacker can distinguish between valid and invalid paddings. In this example an attacker is attempting to recover the last byte of a block of ciphertext.

Eric Rafaloff's Blog