Title: symmetric block encryption algorithm encryption mode Detailed Author: DragonKing Email: wzhah@263.net primary site: Chinese openssl professional forums http://openssl.126.com Copyright: without the author's permission, and can not be reproduced in publications Using this article
In the OpenSSL or other password related information, we often see the symmetrical encryption algorithm has an eCB, CBC's encryption mode, and what is these encryption modes? What is the difference between them? Today is to unlock this fan. In the existing symmetric encryption algorithm, there are mainly four encryption processing modes, which are generally for block encryption algorithms, such as DES algorithms. These four encryption patterns are listed as follows:
Patterns Chinese Description English Name (OpenSSL Abbreviation) E-Password This Mode Electronic Code Book (ECB) Encrypted Block Chain Mode Cipher Block Chaining (CBC) Encrypted Feedback Mode Cipher Feedback Mode (CFB) Output Feed Feedback Mode (OFB) Under We Introduce these four encryption modes. [Electronic Password This mode] This mode is the earliest use and the simplest mode, which divides the encrypted data into several groups, the size of each group is the same as the encryption key length, and then each group is encrypted with the same key. For example, the DES algorithm, a 64-bit key, if this mode is encrypted, it is to divide the data to be encrypted into 64-bit data per group. If the last group is not enough 64 bits, then fill it to 64 bits, then each set of data The 64-bit key of the DES algorithm is encrypted. The following picture: _______________________ my name | is Drago | NKING ---------------------- The picture "My Name is Dragonking" is 8 characters (64 Bit) As a piece, then encrypt each block using one of the same 64-bit keys, the last piece is less than 64 bits, and then enlighten it. It can be seen that because each 64-bit key is the same, it is very easy to obtain ciphertext for password cracking. In addition, because every 64 bits are independent of each other, sometimes it is not to crack the password, as long as simple Alternatively replace the hacker purpose. [Encrypted block chain mode] This mode is shown below: P0 P1 C0 C1 | | | | | | | | | ---> ... iv ---> xor | ---> xor | ---> ... key dec | dec | | | | | | | kY ENC | ENC | iv ---> xor | ---> xor | ----- | | ----- | | | | | | | C0 C1 P1 P2 encryption process decryption process
As you can see from these two figures, the encryption of the CBC mode is first divided into a block (P0, P1 ...) of the fixed length (64-bit), and then output the previous encrypted block and the next To encrypt the express text block for the XOR (vivo or) operation, encrypt the calculation result re-encrypt the ciphertext. When the first mating block is encrypted, because there is no encrypted ciphertext, there is a need to initialize the vector (IV). Unlike the ECB mode, through the connection relationship, the cipherology is no longer a corresponding relationship, and it is more difficult to crack, and overcome the attack as long as the simplicity of the secret will meet the attack. However, the disadvantage of the encryption mode is that it cannot be decrypted in real time, that is, after each 8 bytes can be accepted before they can start encryption, otherwise it is not possible to get the correct result. This is not suitable when it is required to require real-time. So there are two encryption modes below. [Encrypted Feedback Mode] Encrypted feedback mode In order to overcome the shortcomings that must wait for 8 bytes to be decrypted, a 64-bit (8 bytes) displacement registers are used to obtain ciphertext, as shown below:
C2 | C3 | C4 | C5 | C6 | C7 | C8 | C9 <--- | C2 | C3 | C4 | C5 | C6 | C7 | C8 | C9 <--- | ---------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --- | | | | | | | | | | KEY ---> ENC | C10 KEY ---> ENC | C10 | | | | | | Take the left one byte | Take the left one byte | | | | | | | | | P10 ---> xor -----------------> C10 C10- -> xor ----------------) ---> p10 | ______________ | Encryption Process Decryption Process Differential C2, C3, and P10, etc. are one byte ( 8-bit data, so you can implement real-time encryption and decryption of characters, and use it without removing the 8 bytes. The illustrated is the encryption and decryption process of the 10th byte data. In this process, first encrypt from the shift register to 8 bytes of data (C2 to C9), then take the most encrypted data. One byte of the left is in the input of the brightocu p10 for XOR (vivo or), the resulting value is used as the output ciphertext C10, and the C10 is sent into the shift register. It should be noted that if there is an error in which one byte of ciphertext occurs during transmission (even in one of them), it will not be correct during the shift register. Decryption results, of course, after these 8 bytes, the correct decryption results can still be obtained. However, a bit error affects the correct result of 8 bytes (64 bits), which leads to robustness, so the following encryption mode OFB is proposed.
[Output Feedback Mode] Output Feedback Mode OFB is almost the same as CFB, in addition to it is considered to be slightly different from the input data of the register, as shown below: S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 <- --- | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 <----------------------------- ------------------------------------------- | | | | | | | | | ---> ENC | S10 Key ---> ENC | S10 | | | | | | | | Take the left one byte | Take the left one byte | | ______________________ | | | 10 ---> xor -----------------> C10 C10 ---> xor ------------------- > P10 encryption process decryption process can be seen, this method is because the ciphertext is not encrypted, so it has overcome the case due to a single bit caused by 64 related bit to decrypt the failure during transmission, if one Bit occurs errors, then only affects a bit each other, and will not affect other. But relative to other modes, because the data is relatively unsafe, this encryption mode is unsafe, so it is generally not advocated by applying the OFB mode unless otherwise needed. [Reference] 1. China OpenSSL Professional Forum http://openssl.126.com2.computer networks3. "Application Cryptography"
