3 - Modes of Operation
Counter Mode (CTR)
A DES mode similar to OFB mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chained into the encryption process. Because this chaining does not occur, CTR performance is much better than the other modes.
Electronic Code Book (ECB)
A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa.
Cipher Block Chaining (CBC)
A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
Message Authentication Code (MAC)
A small block of data that is generated using a secret key and then appended to the message. Also known as a Message Integrity Code (MIC). Useful when you want to ensure integrity. How does it work? T = MAC(K, M), where M = message, K = key, T = authentication tag. Suppose Alice sends Bob a message M and MAC(K, M). Bob receives the message and the message tag. Bob recomputes MAC(K, M) with the shared key and checks that it is equal to the tag received. If they're equal, Bob knows the message wasn't tampered with.
How can we compute a MAC using a block cipher?
By using residues. Residue: the last block of the ciphertext produced by CBC.
Cipher Feedback Mode (CFB)
Converts a block cipher into a self-synchronizing stream cipher. The keystream cannot be generated in advance.
Weaknesses of ECB
Documents and images are not suitable for ECB because patterns in the plaintext are repeated in the ciphertext.
CBC Malleability
Does not eliminate the possibility of someone modifying the message in transit. An attacker cannot swap blocks but can modify the ciphertext.
Strengths of CBC
Doesn't show patterns in the plaintext. Most common mode. Fast and relatively simple.
Block ciphers only work on...
Messages of a fixed size (64-bit, 128-bit, 192-bit, 256-bit, etc.)
Weaknesses of CBC
Requires the reliable transmission of all the blocks sequentially. Not suitable for apps that allow packet loss. Existence of threats.
Strengths of ECB
Simple. Parallel encryption of plaintext blocks. Can tolerate loss or damage of a block.
Output Feedback Mode (OFB)
The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
Padding Oracle Attack
Uses the padding validation of a cryptographic message to decrypt the ciphertext. Variable-length plaintext messages often have to be padded (expanded) to be compatible with the underlying cryptographic primitive. The attack relies on having a "padding oracle" that freely responds to queries about whether a message is correctly padded or not. This is enough to break a CBC-encrypted message.