Node:crypto and OpenSSL, _aes-cbc_ algorithm

Does somebody have knowledge of node:crypto module or could point out any fine resources? I’m struggling with Cryptopals challenges, and wanted to do it with Nodejs tools. It feels like there is some intricate interplay between Nodejs and OpenSSL, which isn’t described at https://nodejs.org/docs/latest-v16.x/api/crypto.html#class-decipher or in OpenSSL docs, but which prevents correct solving of the challenge.

I already debugged own solution in all the ways I could think of. Then rewrote their own Python solution to Nodejs, and still with no luck. Of course, there is a great chance of plain mistake in both of my attempts: they can be find in a codesandbox. The question is how does aes-cbc exactly works with .setAutoPadding(true)? Is there any built-in protection from padding oracle attack that should be bypassed? Sad enough all solutions I could find that made it up to this challenge are in other languages, or use own functions (which is great for learning to write, but it’s equally great to learn to use conventional tools).

PS An honor mention of @mahneh , who expressed interest in these, and could add something to the topic.

1 Like

I have only done a few lectures on stream ciphers, read part of des and aes but not enough really, so I don’t know what the Oracle Attack is, for example.

I will read your code for learning but certainly won’t add much. Thanks for including links.

Edit: You would get some ideas in the “crypto stack exchange” probably.

1 Like

Yeah. Though it looks like, they are not into Nodejs a lot.

I decided to postpone, this one, and get another attempt to find my silly mistake when I’ll learn another one more language. Or maybe somebody point it out earlier. :smile: