Something about the way this is written sets off alarm bells for me. This is a learning resource, and yet the review includes this paragraph:
The practical experience of breaking real world cryptography through exercises such as Electronic Code Book, Cipher Block Chaining, Padding Oracle, and ECDSA. Note: Although the number of crypto exercises here cannot compete with CryptoPals (which is exclusively about breaking real world cryptography), at least at PentesterLab you get certifications (badges) as evidence of your acquired skills.
I can't see these exercises because they cost money, but I'll charitably guess that the ECB exercise is an attack on cut-and-pastability of ECB, the CBC exercise rewrites a plaintext from unauthenticated CBC, "Padding Oracle" is what it sounds like, and ECDSA is a repeated ECDSA nonce.
Those are fine exercises (though, as the review points out, you can get better ones for free elsewhere). But did the students doing them really learn what they were doing? "Electronic Code Book" isn't an attack and it's not comparable to "Padding Oracle" or "ECDSA". The clunky way the exercises are described leaves me with the suspicion that people do these things to collect badges, and little else.
Fair point and you're (obviously) spot-on for the attacks and very valid point on the names used.
It's a problem with most learning resources: you get what you put in. Most people get out of these exercises one of these two things (or both):
#1 a real understanding of the issue (best case scenario)
#2 awareness that encrypted/signed doesn't mean bulletproof.
Worst case scenario, I think these exercises help people with #2 and may get them to look a bit deeper when they are reviewing applications. It's not meant to be a crypto training (IANAC), the goal is to help people gain some awareness around crypto issues they may encounter during an assessment.
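The "encrypted/signed doesn't mean bulletproof" point, and the unauthenticated-CBC exercise guessed at earlier in the thread, as an added Go example that is not from the thread, PentesterLab or CryptoPals: a ciphertext byte flipped before plain CBC decryption still "decrypts" without any error, with a predictable change in the next plaintext block, while an encrypt-then-MAC wrapper rejects the same input before decrypting. The keys, IV and two-block message are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Constructed demo key, MAC key and IV (placeholders); real code uses fresh random values.
var encKey, macKey, iv = []byte("0123456789abcdef"), []byte("separate-hmac-key"), []byte("0000111122223333")

// cbcCrypt runs AES-128-CBC in either direction over whole 16-byte blocks (padding is out
// of scope). Decrypting with it alone is the unauthenticated path: any block-aligned input
// "succeeds", whatever happened to it in transit.
func cbcCrypt(in []byte, encrypt bool) []byte {
	block, _ := aes.NewCipher(encKey) // fixed 16-byte key, so this cannot fail
	out := make([]byte, len(in))      // CryptBlocks panics if len(in) is not a multiple of 16
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}
func tag(ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)
}

// seal is encrypt-then-MAC: the tag covers the ciphertext (in real code, the IV too).
func seal(pt []byte) []byte { ct := cbcCrypt(pt, true); return append(ct, tag(ct)...) }

// open verifies the tag in constant time before any decryption happens.
func open(sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size
	if n < 0 || !hmac.Equal(sealed[n:], tag(sealed[:n])) {
		return nil, errors.New("authentication failed")
	}
	return cbcCrypt(sealed[:n], false), nil
}

// flipByte XORs one ciphertext byte. In CBC that garbles the block it sits in and
// applies the same XOR to the same position of the following plaintext block.
func flipByte(ct []byte, i int, x byte) []byte {
	out := append([]byte(nil), ct...)
	out[i] ^= x
	return out
}
```

Compare cbcCrypt(flipByte(cbcCrypt(msg, true), 3, 0x20), false) with open(flipByte(seal(msg), 3, 0x20)): the first returns a silently altered plaintext, the second returns an error.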
I've been using http://www.pentesteracademy.com/topics for many years now. Highly recommend them esp. for Network Pentesting, Windows Red-Blue teaming and others.