I considered using a padding oracle attack in the post, but it's aimed at a very basic level of understanding. I find padding oracles are much harder to describe to newcomers.
Also, the XOR malleability issue is present in lots of block modes of operation.
You can read downthread commenters on this post taking away the message that when you select cryptographic building blocks, you need to determine "if you care about" message tampering. Which is, of course, not the message people need to hear.
I've added a section on padding oracle attacks towards the bottom.
tptacek|5 years ago
Another note would be to point out that the limited attack you presented is a lot simpler to understand and execute in CTR mode (and has the benefit also of being more common in practice).
cybergibbons|5 years ago
I don't think there's a significant difference in ease of understanding between most of the modes. I used CBC as it's one of the most common and familiar modes, and because it's where I have seen this issue many times. I don't see CTR used in the wild very often.
I also tend to use CBC for other demos as well, so it makes things consistent.
cybergibbons|5 years ago