If the vector IV is generated based on non-random data, for example the user password, it should be encrypted before use. Therefore, the attacked system is vulnerable to chosen-plaintext attacks. This situation breaks the rule that the intruder shouldn't be able to distinguish between two ciphertexts even if they have chosen both plaintexts.
In the example presented above, if the intruder is able to predict that the vector IV 1 will be used by the attacked system to produce the response c 1, they can guess which one of the two encrypted messages m 0 or m 1 is carried by the response c 1. Because the receiver knows all the ciphertext blocks just after obtaining the encrypted message, he can decrypt the message using many threads simultaneously. CBC mode is used in many applications.ĭuring decrypting of a ciphertext block, one should add XOR the output data received from the decryption algorithm to the previous ciphertext block. Despite this disadvantage, this is a very popular way of using block ciphers. The vector has the same size as a plaintext block.Įncryption in CBC mode can only be performed by using one thread. The first plaintext block is added XOR to a random initialization vector (commonly referred to as IV). As a result, every subsequent ciphertext block depends on the previous one. The result is then encrypted using the cipher algorithm in the usual way. This mode is about adding XOR each plaintext block to the ciphertext block that was previously produced. The CBC encryption mode was invented in IBM in 1976. There exist more methods of aligning the message size.Īpart from revealing the hints regarding the content of plaintext, the ciphers that are used in ECB mode are also more vulnerable to replay attacks. It allows to determine precisely the end of the original message. A popular method of aligning the length of the last block is about appending an additional bit equal to 1 and then filling the rest of the block with bits equal to 0. The ECB mode was used for the middle image and the more complicated CBC mode was used for the bottom image.Ī message that is encrypted using the ECB mode should be extended until a size that is equal to an integer multiple of the single block length. The bitmap image encrypted using DES and the same secret key. However, in this mode the created ciphertext is not blurred. Thus, it is possible to encrypt and decrypt by using many threads simultaneously. Similarly, each ciphertext block is decrypted separately. Each plaintext block is encrypted separately. These modifications are called the block cipher modes of operations. As a result, the user avoids creating identical output ciphertext blocks from identical plaintext data. The idea is to mix the plaintext blocks (which are known) with the ciphertext blocks (which have been just created), and to use the result as the cipher input for the next blocks. Luckily, there exist ways to blur the cipher output. An intruder would be able to get much information by knowing the distribution of identical message parts, even if he would not be able to break the cipher and discover the original messages. This is a very dangerous situation for the cipher's users.
Using one deterministic algorithm for a number of identical input data, results in some number of identical ciphertext blocks.
It is not recommended, however it is possible while working with block ciphers, to use the same secret key bits for encrypting the same plaintext parts. The modes of operation of block ciphers are configuration methods that allow those ciphers to work with large data streams, without the risk of compromising the provided security.
0 kommentar(er)
