
Block cipher modes of operation



In cryptography, a block cipher operates on blocks of fixed length, often 64 or 128 bits. To encrypt longer messages, several modes of operation may be used. While many modes provide only confidentiality, some modes also ensure message integrity. This distinction is important; many novice protocol designers assume that confidentiality implies integrity, and later find their protocols broken by attacks which are quite obvious to experienced cryptanalysts.

1 Electronic codebook (ECB)

The simplest of the encryption modes is the electronic codebook (ECB) mode, in which the message is split into blocks and each is encrypted separately. The disadvantage of this method is that identical plaintext blocks are encrypted to identical ciphertext blocks; it does not hide data patterns. Thus, in some senses it doesn't provide message confidentiality at all, and is not recommended for cryptographic protocols.



Here's a striking example of the degree to which ECB can reveal patterns in the plaintext. A pixel-map version of the image on the left was encrypted with ECB mode to create the center image:


[Figure, three panels from left to right: Original; Encrypted using ECB mode; Encrypted securely]


The image on the right is how the image might look encrypted with CBC, CTR or any of the other more secure modes -- indistinguishable from random noise. Note that the random appearance of the image on the right tells us very little about whether the image has been securely encrypted; many kinds of insecure encryption have been developed which would produce output just as random-looking.

ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way. For example, the online video game uses Blowfish in ECB mode. Before the key exchange system was cracked, leading to even easier methods, cheaters repeated encrypted "kill monster" message packets, each an encrypted Blowfish block, to illegitimately gain experience points quickly.

2 Cipher-block chaining (CBC)

Main article: Cipher Block Chaining

In the cipher-block chaining (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block is dependent on all plaintext blocks up to that point.



3 Cipher feedback (CFB) and output feedback (OFB)

The cipher feedback (CFB) and output feedback (OFB) modes make the block cipher into a stream cipher: they generate keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location.

With cipher feedback a keystream block is computed by encrypting the previous ciphertext block.

Output feedback generates the next keystream block by encrypting the last one.

4 Counter (CTR)

Like OFB, counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any simple function which produces a sequence which is guaranteed not to repeat for a long time, although an actual counter is the simplest and most popular. CTR mode has very similar characteristics to OFB, but also allows a random access property for decryption.



5 Integrity protection and error propagation

The block cipher modes of operation presented above provide no integrity protection. This means that an attacker who does not know the key may still be able to modify the data stream in ways useful to them. It is now generally well understood that wherever data is encrypted, it is nearly always essential to provide integrity protection for security. For secure operation, the IV and ciphertext generated by these modes should be authenticated with a secure MAC, which is checked before decryption.
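The malleability and the MAC-before-decryption check described above, as an added Python example that is not part of the original article. It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for the block cipher in CTR mode (the standard library has no block cipher), separate encryption and MAC keys, and a constructed sample message; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # keystream block size in bytes (assumption for this sketch)

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in for E_K(nonce || counter): HMAC-SHA256 as a PRF, truncated.
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR mode: XOR with successive keystream blocks; same call both directions.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, i // BLOCK)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    # Encrypt, then MAC the nonce (IV) together with the ciphertext.
    nonce = secrets.token_bytes(8)
    ct = ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    # Verify the MAC in constant time BEFORE any decryption takes place.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed: message rejected")
    return ctr_xor(enc_key, nonce, ct)

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"quantity=1;item=42"  # constructed sample message
    nonce, ct, tag = seal(enc_key, mac_key, msg)
    # One ciphertext byte changed in transit, without knowledge of either key.
    tampered = bytearray(ct)
    tampered[9] ^= ord("1") ^ ord("9")
    # Without a MAC, decryption silently yields the altered plaintext.
    blind = ctr_xor(enc_key, nonce, bytes(tampered))
    try:
        open_sealed(enc_key, mac_key, nonce, bytes(tampered), tag)
        rejected = False
    except ValueError:
        rejected = True
    return blind, rejected
```

`demo()` returns the plaintext an unauthenticated receiver would accept, alongside whether the MAC-checking receiver rejected the same modified ciphertext.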

Before these issues were well understood, it was common to discuss the "error propagation" properties of a mode of operation as a means of evaluating it. It would be observed, for example, that a one-block error in the transmitted ciphertext would result in a one-block error in the reconstructed plaintext for ECB mode encryption, while in CBC mode such an error would affect two blocks.


Some felt that such resilience was desirable in the face of random errors, while others argued that it increased the scope for attackers to modify the message to their own ends.

However, when proper integrity protection is used, such an error will result (with high probability) in the entire message being rejected. If resistance to random error is desirable, error-correcting codes should be applied after encryption.

AEAD block cipher modes of operation such as IACBC, IAPM, OCB, EAX, and CWC mode directly provide both encryption and authentication.


