Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

I am currently using AES/CBC/PKCS5Padding for encrypting files in Java with 256 bytes key size, but while searching I found on stackexchange PKCS#5-PKCS#7 Padding and it is mentioned,

PKCS#5 padding is a subset of PKCS#7 padding for 8 byte block sizes

So I want to know

  1. Will the performance of AES/CBC/PKCS7Padding will be better then AES/CBC/PKCS5Padding for the above configuration?
  2. How can we configure the block size in Java as it is mentioned

    PKCS#7 padding would work for any block size from 1 to 255 bytes.

My sample code is,

SecureRandom rnd = new SecureRandom(); IvParameterSpec iv = new IvParameterSpec(rnd.generateSeed(16));  KeyGenerator generator = KeyGenerator.getInstance("AES"); generator.init(256); SecretKey k = generator.generateKey();  Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, k, iv); 
like image 759
dbw Avatar asked Dec 25 '13 07:12

dbw


People also ask

Is AES CBC PKCS5Padding secure?

In summary of kelalaka's answer: yes AES/CBC/PKCS5Padding can create a vulnerability to Padding Oracle attack. The modern, safe option is authenticated encryption, e.g. AES/GCM/NoPadding in modern javax. crypto.

What is AES CBC PKCS5Padding in Java?

September 4, 2018 by javainterviewpoint Leave a Comment. AES (Advanced Encryption Standard) is a strong encryption and decryption algorithm and more secure than its predecessors DES (Data Encryption Standard) and 3DES (Triple-DES).

What is the difference between PKCS5 and pkcs7 padding?

The difference between the PKCS#5 and PKCS#7 padding mechanisms is the block size; PKCS#5 padding is defined for 8-byte block sizes, PKCS#7 padding would work for any block size from 1 to 255 bytes.

Is GCM better than CBC?

AES-GCM is a more secure cipher than AES-CBC, because AES-CBC, operates by XOR'ing (eXclusive OR) each block with the previous block and cannot be written in parallel. This affects performance due to the complex mathematics involved requiring serial encryption.


1 Answers

The block size is a property of the used cipher algorithm. For AES it is always 16 bytes.

So strictly speaking, PKCS5Padding cannot be used with AES since it is defined only for a block size of 8 bytes. I assume, AES/CBC/PKCS5Padding is interpreted as AES/CBC/PKCS7Padding internally.

The only difference between these padding schemes is that PKCS7Padding has the block size as a parameter, while for PKCS5Padding it is fixed at 8 bytes. When the Block size is 8 bytes they do exactly the same.

like image 75
Henry Avatar answered Sep 22 '22 21:09

Henry