Electronic Code Book (ECB) and Cipher Block Chaining (CBC)
[Back] Encryption normally works by taking a number of text blocks, and then applies a key to these to produce cipher blocks. Typical block sizes are 128 or 256 bytes. Unfortunately, the cipher blocks could end up being the same, for the same input text. Thus an intruder could try and guess the cipher text. This is known as electronic code book. For example if we use 3DES to encrypt the word “fred”, with a key of “bert12345”, we will always get:
If you want to try this go to: here.
You will find that ever time you encrypt, you will get the same value. Thus the intruder could start to guess what your mapping of the plain text to cipher text was. For example he could send “Hello. Can you send me a quick answer … just yes or no?”, and look at the reply, and guess that the mapping of “yes” or “no” to the cipher text. The intruder then does not need to know the key, he can play it back to others.
Apart from using a password to generate an encryption key, which complete decimates the key space, we have the problem of the algorithm used to process the plain text. If this is ECB (Electronic Code Book) we have repeating cipher blocks for the same plain text.
If I take "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" and encrypt with 3-DES and a key of "bill12345" we get:
1122900B30BF1183 1122900B30BF1183 1122900B30BF11831 122900B30BF1183 1122900B30BF1183 1122900B30BF1183 7591F6A1D8B4FC8A
where we can see that the "e..e" values are always coded with the same cipher text. As 3-DES has message blocks of 64-bits, then 8 'e' values will fill each block.
[eeeeeeee] [eeeeeeee] [eeeeeeeee] [eeeeeeee] [eeeeeeee] [eeeeeeee] [eeeeee PADDING]
Thus we can say that "eeeeeeee" maps to the cipher text of 1122900B30BF1183. Try example here.
So how do we overcome this problem, of always ending up with the same cipher text for a given plain text? Well we add a bit of salt, to make sure that your result is always changing. For this we cipher text will change each time. This is typically applied into shared-key encryption (also known as symmetric encryption) and in hashing (also known as one-way encryption), where we try and make sure that the cipher text differs for the same plain text.
The method most often used is CBC (Cipher Block Chaining), where we start off with a random seed, known as an Initialization Vector (IV). This is then used to create the first block. Next the output from the first block is then used to chain into the next block by Exclusive-OR’ing the output of the first with the output of the second block, and so it goes on.
When does it go wrong?
We then end up with differing cipher block for a changing IV. To change the IV, we might increment it by one for every message that we send. Normally we could send it with the first message that we send, and we agree with the other side on how the IV vector will change. Unfortunately in WEP (the wireless encryption method), it had an IV which actually came round again after a certain amount of time, which meant that an intruder could actually determine the key used in the encryption, which obviously compromised the whole system. Many packages were thus created which made sure that the sender would eventually send out the same IV vector, typically be continually requesting small replies from the sender. As the IV was 24-bits long, there were 16,777,216 different vectors, which would eventually return to the original one, which resulted in the key being cracked. In WEP, the key was shared across the whole wireless network, which meant that the whole network was cracked. Luckily these days, WEP has been replaced by a session key which is unique to each host, and which times-out before it can roll-over.
CBC by Example
So let’s look at applying CBC with Blowfish. Let’s start with a message of “fred”, and a key of “bert”, and use and IV of 1: here
which gives: 1AC9C54C951E180E0000000000000000
Next we’ll change to an IV of 2: here
which gives: D27FA68C6AC794200000000000000000
Next we will apply it to 3DES, which uses a 112-bit key, and an IV value which is 8 bytes. Let's take an example with a message of:
The quick brown fox jumped over the lazy dog
and a key of: [here]
If we use an IV of "12345678" we get:
but if we use an IV of "23456789" we get [here]
So, at least, it will change of different IV values.