GCM, XTS and CCM — Stream Ciphers

GCM and CCM — Authenticated and Streaming Ciphers

Which are good AES encryption methods? Well, ECB (Electronic Code Book) is a non-starter, as it does not have any salt values, and it is relatively easy to crack the ciphertext. CBC (Cipher Block Chaining) and CTR can both be compromised with bit-flipping.

The reason for this is that we do not have a MAC (Message Authentication Code) to check the ciphertext. For this, we can use AES GCM (Galois/Counter Mode) and AES CCM (counter with cipher block chaining message authentication code; counter with CBC-MAC) to provide a stronger cipher, where the MAC allows any bit flipping to be detected. These modes provide AEAD (Authenticated Encryption with Associated Data).

Let’s first see what a block cipher looks like for encryption. For this, we will try AES CBC:

Linux command: echo -n "hello" | openssl_libre enc -aes-128-cbc -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2
Windows command: echo | set /p = "hello" | openssl_libre enc -aes-128-cbc -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2

Message: hello
Mode: aes-128-cbc
Password: qwerty
KDF: PBKDF2
Salt: 241fa86763b85341
LibreSSL 3.5.3
======== Base64 ======
U2FsdGVkX18kH6hnY7hTQYGmLZ4ZWNeKOcacCkoAZxI=
======== Hex ======
00000000: 5361 6c74 6564 5f5f 241f a867 63b8 5341 Salted__$..gc.SA
00000010: 81a6 2d9e 1958 d78a 39c6 9c0a 4a00 6712 ..-..X..9...J.g.

With this, we are using a 128-bit block, which is 16 bytes. As “hello” only has five characters, we only use one block. Here, “5361 6c74 6564 5f5f 241f a867 63b8 5341” is the “Salted__” string followed by the salt (“241fa86763b85341”), and “81a6 2d9e 1958 d78a 39c6 9c0a 4a00 6712” is the ciphertext, which fits into a single block.

With AES GCM, we have a stream cipher. We can use LibreSSL to generate the ciphertext:

Linux command: echo -n "hello" | openssl_libre enc -aes-128-gcm -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2
Windows command: echo | set /p = "hello" | openssl_libre enc -aes-128-gcm -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2

Message: hello
Mode: aes-128-gcm
Password: qwerty
KDF: PBKDF2
Salt: 241fa86763b85341
LibreSSL 3.5.3
======== Base64 ======
U2FsdGVkX18kH6hnY7hTQVd+17c8
======== Hex ======
00000000: 5361 6c74 6564 5f5f 241f a867 63b8 5341 Salted__$..gc.SA
00000010: 577e d7b7 3c W~..<

Thus, “577e d7b7 3c” is the ciphertext for “hello”. We can decrypt with:

Linux command: echo -n "U2FsdGVkX18kH6hnY7hTQVd+17c8" | openssl_libre enc -aes-128-gcm -pass pass:"qwerty" -d -base64 -pbkdf2
Windows command: echo | set /p = "U2FsdGVkX18kH6hnY7hTQVd+17c8" | openssl_libre enc -aes-128-gcm -pass pass:"qwerty" -d -base64 -pbkdf2

Message: U2FsdGVkX18kH6hnY7hTQVd+17c8
Mode: aes-128-gcm
Password: qwerty
KDF: PBKDF2
Salt:
LibreSSL 3.5.3
======== Result ======
hello

With CCM, we can see that we also have a stream cipher:

Linux command: echo -n "hello" | openssl_libre enc -aes-128-ccm -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2
Windows command: echo | set /p = "hello" | openssl_libre enc -aes-128-ccm -pass pass:"qwerty" -e -base64 -S 241fa86763b85341 -pbkdf2

Message: hello
Mode: aes-128-ccm
Password: qwerty
KDF: PBKDF2
Salt: 241fa86763b85341
LibreSSL 3.5.3
======== Base64 ======
U2FsdGVkX18kH6hnY7hTQSAfzTAJ
======== Hex ======
00000000: 5361 6c74 6564 5f5f 241f a867 63b8 5341 Salted__$..gc.SA
00000010: 201f cd30 09 ..0.

Conclusions

To avoid bit flipping, select GCM or CCM mode, and add additional data.
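
The bit-flipping problem and the GCM check described above, as an added example (not code from the original article) using the built-in Node.js crypto module. The message, the header and the helper names flip, ctrDemo, gcmSeal and gcmOpen are constructed for illustration.

```javascript
// Added example: CTR accepts a flipped bit, GCM rejects it (constructed demo values).
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');

const key = randomBytes(16);                  // AES-128 key
const msg = Buffer.from('pay 100 to alice');  // constructed plaintext
const aad = Buffer.from('account=42');        // constructed additional data

// XOR one ciphertext byte so the byte at `pos` decrypts to `want` instead of
// `known`. In a counter-based mode this changes exactly that plaintext byte.
function flip(ct, pos, known, want) {
  const out = Buffer.from(ct);
  out[pos] ^= known.charCodeAt(0) ^ want.charCodeAt(0);
  return out;
}

// AES-128-CTR: no MAC, so a modified ciphertext decrypts without error.
function ctrDemo() {
  const iv = randomBytes(16);
  const enc = createCipheriv('aes-128-ctr', key, iv);
  const ct = Buffer.concat([enc.update(msg), enc.final()]);
  const dec = createDecipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([dec.update(flip(ct, 4, '1', '9')), dec.final()]).toString();
}

// AES-128-GCM: the 16-byte tag covers both ciphertext and additional data.
function gcmSeal() {
  const nonce = randomBytes(12);              // must never repeat under one key
  const enc = createCipheriv('aes-128-gcm', key, nonce);
  enc.setAAD(aad);
  const ct = Buffer.concat([enc.update(msg), enc.final()]);
  return { nonce, ct, tag: enc.getAuthTag() };
}

// Returns the plaintext, or null when the tag does not verify.
function gcmOpen({ nonce, ct, tag }, header = aad) {
  const dec = createDecipheriv('aes-128-gcm', key, nonce);
  dec.setAAD(header);
  dec.setAuthTag(tag);
  try {
    return Buffer.concat([dec.update(ct), dec.final()]).toString();
  } catch { return null; }                    // authentication failed
}

const sealed = gcmSeal();
console.log('CTR, flipped bit :', ctrDemo());
console.log('GCM, untouched   :', gcmOpen(sealed));
console.log('GCM, flipped bit :', gcmOpen({ ...sealed, ct: flip(sealed.ct, 4, '1', '9') }));
console.log('GCM, wrong header:', gcmOpen(sealed, Buffer.from('account=43')));
```

The tag has to travel with the ciphertext for the check to happen. The five-byte GCM and CCM outputs shown earlier are exactly as long as “hello”, so no tag is stored with them.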