This is more out of curiosity than concern, but is the aes-256-cbc implementation that is used with airvpn vulnerable to padding oracle attacks? some context: https://en.wikipedia.org/wiki/Padding_oracle_attack https://crypto.stackexchange.com/questions/18185/modes-of-operation-that-allow-padding-oracle-attacks Thanks!