When is High-grade Encryption Not High Grade — When it’s ECB!
When is High-grade Encryption Not High Grade — When it’s ECB!
When It’s Easy to Crack Crypto …
Introduction
Encryption is one of the most fundamental building blocks in security and focuses on keeping data private for those who have no rights to it, along with proving identity and also the integrity of a message. Unfortunately, it is one of the least understood areas within computing. The reason for this is that there is a lack of understanding of the high-level requirements for the encryption, and it is often left to the cryptography algorithm to perform the privacy. This is worrying, as systems can be comprised by using a weak password to generate an encryption key.
So users can think they have a strong method of encryption, but actually, it is weakened by a basic part of the process. For example, if Bob selects a user password of “Bob” to generate or protect his encryption key, there’s a good chance that Eve will be able to guess this and discover his key. So Bob thinks he is safe, as he has been sold an encryption system which is “industry strength” AES 256-bit encryption, but actually he has as much security than a basic Caesar code would give him.
How might Eve Crack my Encryption?
There are many tools in the toolbox for Eve to crack some cipher text:
- Known plaintext attack. Where the intruder knows part of the ciphertext and the corresponding plaintext. The known ciphertext and plaintext can then be used to decrypt the rest of the ciphertext.
- Man-in-the-middle. Where the intruder is hidden between two parties and impersonates each of them to the other.
- Chosen-ciphertext. Where the intruder sends a message to the target, this is then encrypted with the target’s private-key and the intruder then analyses the encrypted message. For example, an intruder may send an e-mail to the encryption file server and the intruder spies on the delivered message.
- Active attack. Where the intruder inserts or modifies messages.
The replay system. Where the intruder takes a legitimate message and sends it into the network at some future time. - Cut-and-paste. Where the intruder mixes parts of two different encrypted messages and, sometimes, is able to create a new message. This message is likely to make no sense but may trick the receiver into doing something that helps the intruder.
- Time resetting. Some encryption schemes use the time of the computer to create the key. Resetting this time or determining the time that the message was created can give some useful information to the intruder.
- Time attack. This involves determining the amount of time that a user takes to decrypt the message; from this, the key can be found.
And if these methods fail, she’ll just keep trying all the key possible (also known as brute-force).
Electronic Code Book (ECB)
Encryption normally works by taking a number of text blocks, and then applies a key to these to produce cipher blocks. Typical block sizes are 128 or 256 bytes. Unfortunately, the cipher blocks could end up being the same, for the same input text. Thus an intruder could try and guess the cipher text. This is known as ECB (Electronic Code Book). For example if we use 3DES to encrypt the word “fred”, with a key of “bert12345”, we will always get:
HgvGuzedMg8=
If you want to try this go to:
http://asecuritysite.com/Encryption/threedes?word=fred&key=bert12345
You will find that ever time you encrypt, you will get the same value. Thus the intruder could start to guess what your mapping of the plain text to cipher text was. For example he could send “Hello. Can you send me a quick answer … just yes or no?”, and look at the reply, and guess that the mapping of “yes” or “no” to the cipher text. The intruder then does not need to know the key, he can play it back to others.
If I take “eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee” and encrypt with 3-DES and a key of “bill12345” we get:
1122900B30BF1183 1122900B30BF1183 1122900B30BF1183
1122900B30BF1183 1122900B30BF1183 1122900B30BF1183
7591F6A1D8B4FC8A
where we can see that the “e..e” values are always coded with the same cipher text. As 3-DES has message blocks of 64-bits, then 8 ‘e’ values will fill each block.
[eeeeeeee] [eeeeeeee] [eeeeeeeee]
[eeeeeeee] [eeeeeeee] [eeeeeeee]
[eeeeee <PADDING>]
Thus we can say that “eeeeeeee” maps to the cipher text of 1122900B30BF1183. Try example here.
We can also try it with AES [Here], where we take a string of “aaaa….aaa” and a password of “pass” and we get:
8fbf523fb6fbd6334b6cde0a02440cbd
8fbf523fb6fbd6334b6cde0a02440cbd
63f8472a91b26673b31ab570a5f61dd3
where you can see the padding at the end of the string has changed the last block (32 hex characters is 256 bit blocks).
Adding Salt
So how do we overcome this problem, of always ending up with the same cipher text for a given plain text? Well we add a bit of salt, to make sure that your result is always changing. For this we cipher text will change each time. This is typically applied into shared-key encryption (also known as symmetric encryption) and in hashing (also known as one-way encryption), where we try and make sure that the cipher text differs for the same plain text.
The method most often used is CBC (Cipher Block Chaining), where we start off with a random seed, known as an Initialization Vector (IV). This is then used to create the first block. Next the output from the first block is then used to chain into the next block by Exclusive-OR’ing (EX-OR) the output of the first with the output of the second block, and so it goes on.
When does it go wrong?
We then end up with differing cipher block for a changing IV. To change the IV, we might increment it by one for every message that we send. Normally we could send it with the first message that we send, and we agree with the other side on how the IV vector will change. Unfortunately in WEP (the wireless encryption method), it had an IV which actually came round again after a certain amount of time, which meant that an intruder could actually determine the key used in the encryption, which obviously compromised the whole system.
Many packages were thus created which made sure that the sender would eventually send out the same IV vector, typically be continually requesting small replies from the sender. As the IV was 24-bits long, there were 16,777,216 different vectors, which would eventually return to the original one, which resulted in the key being cracked. In WEP, the key was shared across the whole wireless network, which meant that the whole network was cracked. Luckily these days, WEP has been replaced by a session key (TKIP) which is unique to each host, and which times-out before it can roll-over (as we now use a 48-bit IV).
CBC by Example
So let’s look at applying CBC with Blowfish. Let’s start with a message of “fred”, and a key of “bert”, and use and IV of 1:
http://www.asecuritysite.com/encryption/blowfishcbc?word=fred%2Cbert%2C1
which gives: 1AC9C54C951E180E0000000000000000
Next we’ll change to an IV of 2:
http://www.asecuritysite.com/encryption/blowfishcbc?word=fred%2Cbert%2C2
which gives: D27FA68C6AC794200000000000000000
Next we will apply it to 3DES, which uses a 112-bit key, and an IV value which is 8 bytes. Let’s take an example with a message of:
The quick brown fox jumped over the lazy dog
and a key of:
1234567890123456ABCDEFGH
If we use an IV of “12345678” we get [Try]:
E6B6345F1015380284481BBCFFB9052A227FC14F73072E8D5
007AC01DFEDCC2BCBCE1EB14A95ED60BA1A44700F4E18AE
but if we use an IV of “23456789” we get [Try]”
5BF29657E6064EB99E52ACC8E3A6808A761A86A7EE85C25C
327022C30D939D3A8A41A9CD42689AA4481FF20155816A8C
So, at least, it will change of different IV values.
Conclusions
Encryption is one of the most important methods within privacy, and thus provides a foundation to keep things secret. You can see in this blog that you really need to understand the methods that are being used, or you could lose that protection.
In security, you are only as strong as the weakest link in the chain, so you need to know how strong your encryption methods are, without just assuming that someone else has done the diligence on this. In wireless security, WEP was actually one of the best examples of how not to do things, and should be a guiding light in making sure that you are understood how well you have protected your data, as there is now an increasing emphasis for individuals to control their own data.
WEP broke all the rules of strong security … encrypted messages could be played back at some time in the future … the intruder could copy and paste messages to make valid ones … the key could be broken after a certain amount of time … and so on. So, if you’re using ECB, you are in danger!
With the growth of cloud-based systems, much of our data is now stored in areas which can be accessed by others, in public spaces, thus users must take more control of their own. While the cryptography algorithms are complex, and highly mathematical, the basic principles around encryption are not beyond the understands of most users, so it is important for more users to be educated in the basics of encryption, at least to understand the risks involved. It’s a bit like leaving wiring your plug to an Electrician … sometimes you might actually have to wire your own plug.
So if you have been using ECB in your crypto, it’s easily crackable! Just because it works, doesn’t actually mean it’s actually secure. ECB is easily crackable by brute force, and also suffers from copy-and-paste.