[dundee] Good example of encryption problems
Rick Moynihan
rick.moynihan at gmail.com
Tue May 19 12:10:43 UTC 2009
2009/5/19 Robert Ladyman <it at file-away.co.uk>:
> I came across this example in a discussion of block cyphers in ECB mode: a
> picture is definitely worth a thousand words.
>
> [Quote]
> ...
> this is tux:
> http://upload.wikimedia.org/wikipedia/commons/5/56/Tux.jpg
>
> and this is tux encrypted with a block cypher in ECB mode:
> http://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg
>
> regardless of the type of block cypher (3DES, AES ...) ECB is a bad choice for
> an encryption mode; unless you are showing someone this kind of blunder.
>
Nice find Robert! For those wanting a link to the article link:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
I'm no expert but was surprised after this example, to see in my copy
of Schneirs Applied Cryptography that ECB wasn't universally marked as
being a blunder...
Like everything in cryptography, it's incredibly easy to make mistakes
(as illustrated here) but ECB has desirable properties beyond just
simplicity... e.g. the fact that information is processed in fixed
size blocks with no data-dependencies makes encryption/decryption
easily parallelisable as you can process each chunk on a different
CPU.
The problem with ECB as illustrated here (though IMHO poorly
explained) is that there isn't enough entropy (unguessable uniqueness)
in the plain-text (the image data). Using a cipher with a larger
block size would yield better results, as would using it on
unrepeating data.
Unless you know there is enough entropy in your plain-text within the
ciphers block size, ECB seems unlikely to be a good mode of crypto
operation.
Interesting stuff... now back to the tedious process of creating ssl
certs for mutual authentication... Far too fiddly!
R.
More information about the dundee
mailing list