Menu
How secure is it to encrypt 16 bytes of data as a single block with AES? No salt/IV, no mode of operation, millions of different 16 byte blocks encrypted. I don't know enough about crypto but this smells to me.
Edit: to give a bit more detail this is not about encrypting a message but a database table column where the plain text length happens to be 16 bytes. The data is not totally random (the first 8 bytes will frequently be the same) and there is a checksum to identify a successful decryption.
I'm going into a meeting with the guys proposing this next week and, if there is a problem, would greatly appreciate some pointers to reference material with which I can show that the design is insecure. I'm not totally familiar with the system but I think this could require a major redesign to get around so there is likely to be a lot of resistance. Most of the people (and the power) involved are on the business side where the motivation is to get a working system...
643
AES is just a cipher, and you can use an IV with the text you are encrypting. With symmetric encryption, the salt is used for the key/secret that you encrypt with, as you can see above. In the real world you will have to deal with distributed systems, shared keys and salts across the cluster, etc, etc. Lots of fun.
In the second approach, the AES secret key can be derived from a given password using a password-based key derivation function like PBKDF2. We also need a salt value for turning a password into a secret key. The salt is also a random value.
AES has never been cracked yet and is safe against any brute force attacks contrary to belief and arguments. However, the key size used for encryption should always be large enough that it could not be cracked by modern computers despite considering advancements in processor speeds based on Moore's law.
While theoretically no encryption cipher is truly impregnable, AES with 256-bit keys is absolute overkill when it comes to security. To break it, you would need to build supercomputers – which cannot yet be built – that would work on decryption for billions of years.
ECB is not secure for general use. A given plain text always encrypts to the same cipher text, so patterns can be revealed. However, there are special cases where it is safe, and this application may be one of them.
Quoting Applied Cryptography, second edition pg. 190, with regard to ECB mode for a block cipher:
On the plus side, there is no security risk in encrypting multiple messages with the same key. In fact, each block can be looked at as a separate message encrypted with the same key.
Later on (p. 208), Schneier says:
If simplicity and speed are your main concerns, ECB is the easiest and fastest mode to use a block cipher. It is also the weakest. Besides being vulnerable to replay attacks, an algorithm in ECB mode is the easiest to cryptanalyze. I don't recommend ECB for message encryption.
For encrypting random data, such as other keys, ECB is a good mode to use. Since the data is short and random, none of the shortcomings of ECB matter for this application.
The common prefix and check digit in your case won't produce common ciphertext. This happens only if an entire plaintext block is duplicated. From what you've described, your application may be a good fit for ECB—especially if each plain text value, as a whole, is unique.
171
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
