Python

A Piecewise Hashing Example

NOTE: ChatGPT was used to create some portions of the code in this article. The words are mine.

The Problem

When cybersecurity analysts find malicious files, they share their finding with the greater security community. They run the file through a cryptographic hashing function and share the results of this function, called a hash. The hash is a kind of fingerprint that identifies the file based on the information contained in the file. Others can look through their environments, hash their files, and compare the results to hunt for the malicious file.

AES-CBC Padding Explained

Encrypting plaintext using Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode requires the plaintext to be a multiple of 16 bytes long. All plaintext is padded before encryption. The padding method is described in Section 6.3 of PKCS #7.

The Padding Technique

If the last block of the plaintext message has 1 byte (e.g., if the plaintext is 17, 33, or 49 bytes), then 15 bytes of the value 0x0f (15) are added to the end of the plaintext. Finding the number of bytes in the last block is trivial using modulo math in python.