RE: ECB, CBC, CFB, OFB

[Bill Frantz <frantz@netcom.com>]

At 5:46 PM -0800 12/20/97, Johnson, Michael P (Mike) wrote:
>>Somebody asked:
>>>Can somebody more experienced than I am explain the strengths and weaknesses
>>>of these encryption modes as applied to CAST, IDEA, DES, and Blowfish?
>>
>>>              ecb    Electronic codebook mode
>>>                     c[i] = f1(K, p[i])
>>>                     p[i] = f2(K, c[i])
>
>This is the weakest mode. Patterns in the plain text tend to cause
>repeated blocks in the output, causing some information leakage. This
>mode is really only suitable if you have exactly one block or less to
>encrypt or if random access at the block level is critical. An error in
>the ciphertext or plaintext only affects one block, as long as bit count
>integrity is maintained.

It should be point out that ECB is also subject to some spoofing attacks.
Blocks from one message encoded with a particular key can be substituted
for blocks in a different message encoded with the same key.  In a banking
system, this attack might allow the attacker to change the transaction
amounts.

With any mode, encypherment is not a substitute for a message
authentication code.


-------------------------------------------------------------------------
Bill Frantz       | One party wants to control | Periwinkle -- Consulting
(408)356-8506     | what you do in the bedroom,| 16345 Englewood Ave.
frantz@netcom.com | the other in the boardroom.| Los Gatos, CA 95032, USA