Hands-On Penetration Testing on Windows

Block ciphers and modes of operation

In our fun little example, we were working with a stream cipher; data is encrypted one bit at a time until it's done. This is in contrast to a block cipher, which, as the name suggests, encrypts data in fixed-length blocks. From a security standpoint, this concept implies that secure encryption is easily achieved for a single block of data; you could have high-entropy key material with the same length as the block. But our plaintext is never that short; the data is split up into multiple blocks. How we repeatedly encrypt block after block and link everything together is called a mode of operation. As you can imagine, the design of a block cipher's mode of operation is where security is made and broken.

Let's look at probably the simplest (I prefer the word medieval) block cipher mode of operation called Electronic Codebook (ECB) mode, so named because it's inspired by the good old-fashioned literal codebook of wartime encryption efforts: you encrypt and decrypt blocks of text without using any of that information to influence other blocks. This would probably work just fine if you were encrypting random data, but who's doing that? No one; human-composed messages have patterns in them. Now, we'll do a demonstration with openssl and xxd on Kali, which is a nice way to encrypt something and look at the actual result. I'm going to tell the world that I'm an elite hacker and I'm going to repeat the message over and over again – you know, for emphasis. I'll encrypt it with AES-128 operating in ECB mode and then dump the result with xxd:

Oh, nice. At first glance, I see just a bunch of random-looking hexadecimal characters jumbled together. A solid encrypted message should be indistinguishable from random data, so my work here is done. But, hark! Upon closer inspection, a very long string of characters repeats throughout:

You might look at this and think, so what? You still don't know what the message is. In the realm of cryptanalysis, this is a major breakthrough. A simple rule of thumb about good encryption is: the ciphertext should have no relationship whatsoever with the plaintext. In this case, we already know something is repeating. The effort to attack the message is already underway.
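The repetition described above can be reproduced and counted rather than spotted by eye. The script below is an added example, not the book's own commands: the key, IV and message are constructed sample values, `od` stands in for `xxd`, and the AES-128-CBC run is included only as a comparison with a mode that chains blocks together.

```bash
#!/bin/sh
# Added example (not from the book): count repeated 16-byte ciphertext blocks.
# KEY, IV and the message are constructed sample values.
KEY=00112233445566778899aabbccddeeff   # constructed 128-bit key, hex
IV=0f0e0d0c0b0a09080706050403020100    # constructed IV, used by CBC only

# A 22-byte phrase repeated 32 times = 704 bytes = 44 AES blocks.
# The phrase realigns with the 16-byte block grid every 176 bytes (11 blocks),
# so the plaintext consists of the same 11 blocks, four times over.
sample_plaintext() {
  n=0
  while [ "$n" -lt 32 ]; do
    printf 'I am an elite hacker! '
    n=$((n + 1))
  done
}

# Encrypt stdin with the named openssl cipher and print one hex block per line.
# ECB takes no IV, so -iv is only passed for the other modes.
cipher_blocks() {
  case $1 in
    *-ecb) openssl enc "-$1" -K "$KEY" ;;
    *)     openssl enc "-$1" -K "$KEY" -iv "$IV" ;;
  esac | od -An -v -tx1 | tr -d ' \n' | fold -w 32
}

# Number of distinct ciphertext block values that occur more than once.
repeated_blocks() {
  sample_plaintext | cipher_blocks "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# ECB maps equal plaintext blocks to equal ciphertext blocks, so the
# 11-block period of the message survives encryption; CBC hides it.
echo "ECB repeated block values: $(repeated_blocks aes-128-ecb)"
echo "CBC repeated block values: $(repeated_blocks aes-128-cbc)"
```

A nonzero count on ciphertext of unknown origin is a practical indicator that ECB, or some other mode that does not mix blocks together, is in use.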