Padding
Block ciphers, like most of the ciphers we've been discussing so far, operate on distinct chunks of data,
usually 64 bits. Some newer block ciphers, like AES, operate on 128 bits at a time. But the plaintext
data to be encrypted won't always be a multiple of the block size, so before encrypting, padding needs to
be added to the data. There are a number of different ways padding can be added, but most symmetric
algorithms use one of two types of padding:
- No padding
- PKCS#5 padding
No padding is exactly that: no padding. It requires that the data we are encrypting end exactly on a block
boundary, with no extra data, so the caller must deal with any length mismatch itself. PKCS#5 is more
commonly used. PKCS stands for Public Key Cryptography Standards, a series of standards published by RSA
Laboratories for use in various cryptographic functions, like key exchange and certificate requests. Along
with those broad protocol definitions, they also define some padding methods. Of these, the PKCS#5 method is
the most commonly used for symmetric encryption. Strictly, PKCS#5 defines it for 8-byte blocks and PKCS#7
extends the identical rule to block sizes up to 255 bytes, so a 16-byte AES block actually gets PKCS#7
padding; many libraries nonetheless keep the name PKCS5Padding for both.
PKCS#5 padding works as follows: every padding byte added to fill the block is set to the number of
padding bytes added. For instance, if we have an 8-byte block, and only 3 bytes are filled, then we have
5 bytes to pad. Those 5 bytes are all assigned the value "5", for the 5 bytes of padding, so the bytes
41 42 43 become 41 42 43 05 05 05 05 05. The illustration opposite should help clarify this.
If we have data that ends on an even multiple of 8 bytes, we need to add an entire block of padding (8 bytes
of value "8"). This way, we know that there is always padding that must be removed after decryption: the
last decrypted byte says how many bytes to strip, and a careful decryptor checks that every one of those
bytes carries that value before accepting the message.
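The padding rule above, written out as an added example (this is not code from the original article): pad and unpad functions for an 8-byte block that also handle the whole-block case and reject malformed padding on the way out. The block size constant and the sample inputs are assumptions chosen to match the article's DES-sized example; passing 16 gives the PKCS#7 form used for AES.

```python
BLOCK_SIZE = 8  # DES-sized block, as in the article's example; use 16 for AES (PKCS#7 form)


def pkcs5_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes, each of value n, where n (1..block_size) is the number of
    bytes needed to reach the next block boundary. Data that already ends on a
    boundary gets a whole block of padding, so there is always something to strip."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255 for this scheme")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs5_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip the padding, validating every byte of it. The last byte says how
    much to remove, but a decryptor must not trust it blindly: n must lie in
    1..block_size and all n trailing bytes must carry the value n."""
    if len(padded) == 0 or len(padded) % block_size != 0:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size:
        raise ValueError("invalid padding length byte")
    if padded[-n:] != bytes([n]) * n:
        raise ValueError("padding bytes do not all equal the length byte")
    return padded[:-n]


if __name__ == "__main__":
    for sample in (b"ABC", b"12345678", b""):           # constructed inputs for the demo
        padded = pkcs5_pad(sample)
        print(sample, "->", padded.hex(" "), "->", pkcs5_unpad(padded))
```

Running it shows `b"ABC"` becoming `41 42 43 05 05 05 05 05`, and the already-aligned `b"12345678"` gaining a full block of `08` bytes, exactly as the text describes.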
Mode
In addition to specifying the padding, we also need to specify the mode for a block cipher before using it.
The mode defines how the cipher's single-block operation is applied across a message longer than one
block. Changing the mode can even allow a block cipher to function as a stream cipher. Block ciphers
operate on data a block at a time, where a block is a fixed size, usually 64 or 128 bits. A stream cipher,
on the other hand, can encrypt or decrypt data a byte (or even a bit) at a time, making it much more useful
for streaming applications, like network communication. We will discuss some of the more common modes
below.
ECB (Electronic Code Book)
ECB is the simplest mode: each block is encrypted independently, so under a given key the same plaintext
block will always encrypt to the exact same ciphertext block. This is fine for sending a single block of
data, like a key, but not good for implementing an encrypted stream of information, because if the same
plaintext is sent multiple times, the same ciphertext will also be sent.
Let's say we're sending the following message in a chat application, "meet me later", one character at a
time, with each character padded out to a full 8-byte block. The following might be our ciphertext if we
were using DES (each block shown Base64-encoded):
| Ciphertext block (Base64) | Plaintext |
|---|---|
| mD8hEmbih6E= | m |
| TRw+doCp3EQ= | e |
| TRw+doCp3EQ= | e |
| Dj3lTDsRkxw= | t |
| mD8hEmbih6E= | m |
| TRw+doCp3EQ= | e |
| xXyJjiHigk8= | l |
| x26P5lw+XyM= | a |
| Dj3lTDsRkxw= | t |
| TRw+doCp3EQ= | e |
| XIoLD1MHGO4= | r |
Notice that 'e' always encrypts to the exact same ciphertext. If an attacker knew that we were sending text
messages, then a frequency analysis would quickly indicate that e's were encrypted to "TRw+doCp3EQ=".
With some time and a complete encrypted session transcript, it wouldn't be difficult to recover the text:
whatever the key length of the cipher, using ECB this way has reduced it to a simple character-by-character
substitution over fewer than 100 printable characters, and a substitution cipher falls to frequency analysis
without the key ever being attacked.
The real weakness here is that each block is encrypted independently, so equal plaintext blocks under the
same key always give equal ciphertext blocks. If no block is ever repeated under a key (for example, a
single block of random key material), that leak does not arise. But if similar blocks keep getting sent with
the same key, an observer can tell which blocks are equal, which is information we might not want broadcast.
CBC (Cipher Block Chaining)
CBC mode changes the behavior of the cipher so that the same plaintext block no longer necessarily
encrypts to the same ciphertext block, thus solving the main problem with ECB. Before each plaintext
block is encrypted, CBC XORs it with the previous ciphertext block, so every ciphertext block depends on
all of the plaintext that came before it. On its own, this still leaves one problem: identical messages
will still encrypt identically, because all of the blocks that alter later blocks are the same. To fix
this, we need to use an initialization vector, or IV. The IV is just a block of random data that is XORed
into the first plaintext block, standing in for the previous ciphertext block that does not exist yet. It
need not be kept secret and is normally sent along with the ciphertext, but it must be different for every
message encrypted under the same key, and an attacker must not be able to predict it in advance. That way,
even if we send two identical messages, as long as they have different IVs, they will encrypt differently.
In that sense, an initialization vector is a lot like the salt used in password-based encryption.
CBC is suitable for transmitting text, but it requires transmitting a full block of data at a time, usually
8 characters. This is fine for a complete message, but not for a talk application, which needs to send a
single character at a time.
CFB (Cipher FeedBack)
CFB works similarly to CBC, except that it can operate on smaller chunks of data, typically 8 bits. Each
chunk is XORed with the leading bits of the encryption of a shift register, and the ciphertext just produced
is then shifted into that register; only the cipher's encryption direction is ever needed, even to decrypt.
This is perfect for encrypting something like a chat session, where single-byte chunks of data need to be
sent. Like CBC, CFB requires an IV that must be unique, and unpredictable to an attacker, for each message
sent with the same key.
OFB (Output FeedBack)
OFB is similar to CFB, except that it handles bit errors in transit better. A single bit error in the
ciphertext produces a single bit error in the decrypted plaintext, whereas in the other modes a corrupted
ciphertext block garbles an entire decrypted block (and in CBC also flips the corresponding bit of the next
block). The price is that OFB is a pure keystream mode: the keystream depends only on the key and the IV,
so reusing an IV under the same key exposes the XOR of the two plaintexts, and an attacker can flip any
chosen plaintext bit by flipping the matching ciphertext bit. OFB also does not recover from bits that are
actually lost or inserted; that desynchronizes the keystream for the rest of the message.
Like CFB and CBC, OFB also requires an IV, and for OFB the IV must never repeat under a key.
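The four modes described above (ECB, CBC, 8-bit CFB and OFB), as one added example that is not code from the original article. The chaining logic is what the text is about, so it is written out over a plain 8-byte block permutation; the permutation itself is an assumption: a four-round Feistel network built from HMAC-SHA256 stands in for DES so the example runs on the Python standard library alone. The key, IV and messages are constructed for the demonstration, and the helper names (`ecb_char_blocks`, `flip_one_bit_effect`, `bit_diff`) are this example's own. The last two helpers reproduce the article's ECB chat scenario and the CBC-versus-OFB error propagation claim.

```python
import hashlib
import hmac
import os

BLOCK = 8           # 64-bit block, DES-sized, as in the article's chat example
HALF = BLOCK // 2
ROUNDS = 4

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 over (round number, right half), truncated to a half block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """ASSUMPTION: a small Feistel network stands in for DES/AES. It is only here so the
    modes have a real 8-byte permutation to drive; it is not a cipher to use for anything."""
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return right + left

def block_decrypt(key: bytes, block: bytes) -> bytes:
    right, left = block[:HALF], block[HALF:]            # undo the final swap, run rounds backwards
    for i in reversed(range(ROUNDS)):
        right, left = left, _xor(right, _round(key, i, left))
    return left + right

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Every block is encrypted on its own: equal plaintext blocks give equal ciphertext blocks.
    assert len(plaintext) % BLOCK == 0, "pad to the block size first"
    return b"".join(block_encrypt(key, b) for b in _blocks(plaintext))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first one).
    assert len(plaintext) % BLOCK == 0, "pad to the block size first"
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def cfb8_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # 8-bit CFB: encrypt a shift register, use its first byte as keystream, then shift the
    # ciphertext byte in. Decryption is the same loop and only ever needs block_encrypt.
    out, reg = bytearray(), iv
    for x in data:
        y = block_encrypt(key, reg)[0] ^ x
        out.append(y)
        reg = reg[1:] + bytes([x if decrypt else y])     # feed back the *ciphertext* byte
    return bytes(out)

def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # OFB: the keystream is E(IV), E(E(IV)), ... and depends only on key and IV, so the same
    # call encrypts and decrypts. Reusing an IV under one key reuses the whole keystream.
    out, reg = [], iv
    for b in _blocks(data):
        reg = block_encrypt(key, reg)
        out.append(_xor(b, reg))
    return b"".join(out)

def ecb_char_blocks(key: bytes, text: str) -> list:
    """The article's chat scenario: one character per block, PKCS#5-padded to 8 bytes."""
    return [ecb_encrypt(key, ch.encode() + b"\x07" * 7) for ch in text]

def bit_diff(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_one_bit_effect(key: bytes, iv: bytes, msg: bytes, mode: str) -> tuple:
    """Flip the low bit of the first ciphertext byte; return bits changed per decrypted block."""
    enc, dec = {"cbc": (cbc_encrypt, cbc_decrypt), "ofb": (ofb_crypt, ofb_crypt)}[mode]
    ct = bytearray(enc(key, iv, msg))
    ct[0] ^= 0x01
    pt = dec(key, iv, bytes(ct))
    return tuple(bit_diff(p, q) for p, q in zip(_blocks(msg), _blocks(pt)))

if __name__ == "__main__":
    key, iv = b"test-key", os.urandom(BLOCK)              # constructed key and a fresh IV
    msg = b"meet me later, meet me later, ok"             # 32 bytes: four whole blocks
    print([b.hex() for b in ecb_char_blocks(key, "meetmelater")])   # the repeated 'e' blocks are visible
    print(cbc_encrypt(key, iv, msg) == cbc_encrypt(key, os.urandom(BLOCK), msg))  # False: different IVs
    print("cbc:", flip_one_bit_effect(key, iv, msg, "cbc"), "ofb:", flip_one_bit_effect(key, iv, msg, "ofb"))
```

Under ECB the four 'e' positions produce the same block, as in the article's table. Under CBC the same message encrypted twice with the same IV gives the same ciphertext and with a fresh IV does not. Flipping one ciphertext bit under OFB changes exactly one plaintext bit; under CBC it garbles the whole first block and flips one bit of the second, which is the error-propagation difference the OFB paragraph describes.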