AttackFlow Findings Dictionary

Finding A Way To Try AttackFlow Enterprise Edition?

If so, click to download 15 days full version for free!

Insecure Symmetric Encryption Mode - ECB

The attacker can decrypt supposedly encrypted data or deduce the plain text out of it without having encryption key

Severity

Critical

Fix Cost

Medium

Trust Level

High

Secure symmetric encryption algorithms are applied to plaintext and produce encrypted output out of which without the encryption key, its is computationally infeasible to find out the plaintext. This is the basic premise of the encryption.

However, in reality there are fail cases where this premise fails miserably. A very good example of these fail cases is using Electronic CodeBook (ECB) mode during symmetric encryption.

ECB is a mode of operation used during symmetric encryption using block ciphers that is algorithms applied on input as blocks. There are more modes of operations such as Cipher Block Chaining (CBC), Cipher Feedback (CFB) etc.

These mode of operations define the style that encryption algorithm (DES, AES, etc.) gets applied onto the input. In ECB, the input is divided into chunks and the algorithm is applied to each chunk separately with the same encryption key. Therefore when two input chunks are same (consist of same bits), then the output is same, too, tough encrypted. This yields to an output which transfers patterns in the input to the output. Having the same patterns, it is easier now to solve or deduce the plaintext from the encrypted text.

                            
RijndaelManaged rm = new RijndaelManaged { Mode = CipherMode.ECB};
rm.GenerateKey();
rm.GenerateIV();

ICryptoTransform encryptor = rm.CreateEncryptor(rm.Key, rm.IV);
                 
            

The above code utilizes .NET implementation of AES algorithm called RijndaelManaged with ECB mode.

Note: An advantage of ECB mode of operation is that it can be applied to a single input in parallel. So this process can be very fast since encryption algorithm itself is slow. But this has nothing to do with security.

Secure symmetric encryption algorithms are applied to plaintext and produce encrypted output out of which without the encryption key, its is computationally infeasible to find out the plaintext. This is the basic premise of the encryption.

However, in reality there are fail cases where this premise fails miserably. A very good example of these fail cases is using Electronic CodeBook (ECB) mode during symmetric encryption.

ECB is a mode of operation used during symmetric encryption using block ciphers that is algorithms applied on input as blocks. There are more modes of operations such as Cipher Block Chaining (CBC), Cipher Feedback (CFB) etc.

These mode of operations define the style that encryption algorithm (DES, AES, etc.) gets applied onto the input. In ECB, the input is divided into chunks and the algorithm is applied to each chunk separately with the same encryption key. Therefore when two input chunks are same (consist of same bits), then the output is same, too, tough encrypted. This yields to an output which transfers patterns in the input to the output. Having the same patterns, it is easier now to solve or deduce the plaintext from the encrypted text.

            
Cipher cipher = Cipher.getInstance("AES");
Key secretKey = new SecretKeySpec(confReadKey.getBytes(), "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
cipher.doFinal(input);   	 

ICryptoTransform encryptor = rm.CreateEncryptor(rm.Key, rm.IV);
                
            

The above code utilizes Oracle JAVA implementation of AES algorithm called with ECB mode default. Note that by denoting cipher algorithm name by default uses insecure ECB mode!

Note: An advantage of ECB mode of operation is that it can be applied to a single input in parallel. So this process can be very fast since encryption algorithm itself is slow. But this has nothing to do with security.

Secure symmetric encryption algorithms are applied to plaintext and produce encrypted output out of which without the encryption key, its is computationally infeasible to find out the plaintext. This is the basic premise of the encryption.

However, in reality there are fail cases where this premise fails miserably. A very good example of these fail cases is using Electronic CodeBook (ECB) mode during symmetric encryption.

ECB is a mode of operation used during symmetric encryption using block ciphers that is algorithms applied on input as blocks. There are more modes of operations such as Cipher Block Chaining (CBC), Cipher Feedback (CFB) etc.

These mode of operations define the style that encryption algorithm (DES, AES, etc.) gets applied onto the input. In ECB, the input is divided into chunks and the algorithm is applied to each chunk separately with the same encryption key. Therefore when two input chunks are same (consist of same bits), then the output is same, too, tough encrypted. This yields to an output which transfers patterns in the input to the output. Having the same patterns, it is easier now to solve or deduce the plaintext from the encrypted text.

            
Cipher cipher = Cipher.getInstance("AES");
Key secretKey = new SecretKeySpec(confReadKey.getBytes(), "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
cipher.doFinal(input);   	 

ICryptoTransform encryptor = rm.CreateEncryptor(rm.Key, rm.IV);
                
            

The above code utilizes Oracle JAVA implementation of AES algorithm called with ECB mode default. Note that by denoting cipher algorithm name by default uses insecure ECB mode!

Note: An advantage of ECB mode of operation is that it can be applied to a single input in parallel. So this process can be very fast since encryption algorithm itself is slow. But this has nothing to do with security.

Finding A Way To Purchase AttackFlow Enterprise Edition?

If so, click to buy now for yearly subscriptions!