Experimenting with ECB and CBC Ciphers of AES

April 29, 2021

The openssl help lists two groups of ciphers with ECB (Electronic Codebook) and CBC (Cipher Block Chaining) suffixes, for example aes-128-ecb and aes-128-cbc, or aes-256-ecb and aes-256-cbc, for the AES (Advanced Encryption Standard) ciphers. In ECB mode the input data is divided into blocks of the same length, and every block is encrypted with the same key and the same algorithm. Let us create a plain text file with repeated sequences of characters:


# cat plaintext.txt
100 dollar bill:
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100$100
The end


Let us encrypt the plaintext.txt file to encrypt-ecb.enc using the aes-256-ecb cipher:


# openssl enc -aes-256-ecb -in plaintext.txt -pbkdf2 -out encrypt-ecb.enc
enter aes-256-ecb encryption password:
Verifying - enter aes-256-ecb encryption password:

The hexdump of the encrypted encrypt-ecb.enc file shows many repeated hexadecimal sequences, because identical plaintext blocks encrypt to identical ciphertext blocks:


# xxd encrypt-ecb.enc
00000000: 5361 6c74 6564 5f5f dbf9 7578 e2fc 74b6 Salted__..ux..t.
00000010: f0cd 2e86 11f6 52ec 3efc d34a 8def 396c ......R.>..J..9l
00000020: 7311 4d2e 85c8 cefb 29d1 69ba 2481 b117 s.M.....).i.$...
00000030: 849f 6d50 8f55 4c16 806f c541 d052 79ec ..mP.UL..o.A.Ry.
00000040: 849f 6d50 8f55 4c16 806f c541 d052 79ec ..mP.UL..o.A.Ry.
00000050: 849f 6d50 8f55 4c16 806f c541 d052 79ec ..mP.UL..o.A.Ry.
00000060: 849f 6d50 8f55 4c16 806f c541 d052 79ec ..mP.UL..o.A.Ry.
00000070: 5b54 4228 6e87 06e0 9730 ebfb 28cc 9a3a [TB(n....0..(..:
00000080: 6176 c776 4971 e35a b586 a3f7 d15d dde0 av.vIq.Z.....]..
00000090: 6176 c776 4971 e35a b586 a3f7 d15d dde0 av.vIq.Z.....]..
000000a0: 6176 c776 4971 e35a b586 a3f7 d15d dde0 av.vIq.Z.....]..
000000b0: 6176 c776 4971 e35a b586 a3f7 d15d dde0 av.vIq.Z.....]..
000000c0: aad5 5a7c 3d7c 321d 55fd 08cc f045 823b ..Z|=|2.U....E.;
000000d0: 1bcf 72ef fd67 eae9 b56a 62df 0d18 ee00 ..r..g...jb.....
000000e0: 1bcf 72ef fd67 eae9 b56a 62df 0d18 ee00 ..r..g...jb.....
000000f0: 1bcf 72ef fd67 eae9 b56a 62df 0d18 ee00 ..r..g...jb.....
00000100: 1bcf 72ef fd67 eae9 b56a 62df 0d18 ee00 ..r..g...jb.....
......

For example, counting the hexdump lines that contain a given sequence:


# xxd encrypt-ecb.enc | grep "56da 7251 51d1 803f c4bc e418 0e7d 1a05" | wc -l
21
# xxd encrypt-ecb.enc | grep "1bcf 72ef fd67 eae9 b56a 62df 0d18 ee00" | wc -l
20

Now encrypt the plaintext.txt file using the aes-256-cbc cipher:


# openssl enc -aes-256-cbc -in plaintext.txt -pbkdf2 -out encrypt-cbc.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

If you hexdump the encrypt-cbc.enc file, you will not find repeating binary sequences like those in encrypt-ecb.enc. This is because the encryption process works differently: the plaintext is also divided into blocks, but the IV (initialization vector) is combined (XORed) with the first plaintext block before that block is encrypted. The resulting ciphertext block then takes the place of the IV for the next block, and so on for every following block. A good diagram of CBC mode encryption and decryption may be found there.
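
The comparison above can be scripted. The following is an added example, not part of the original post: it counts the distinct 16-byte ciphertext blocks that repeat in each output file. The function names, the inline demo password and the generated plaintext are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): count repeated 16-byte
# ciphertext blocks in files produced by `openssl enc` with a password.

# Print how many distinct 16-byte blocks occur more than once in file $1.
# The first 16 bytes ("Salted__" plus an 8-byte salt) are header, not ciphertext.
repeated_blocks() {
    tail -c +17 "$1" |
        od -An -v -t x1 |   # 16 bytes per line; -v stops od folding repeats into "*"
        tr -d ' ' | sort | uniq -d | wc -l | tr -d ' '
}

# Encrypt file $1 with cipher $2 and print its repeated-block count.
# The password is a constructed demo value, given inline only so the run
# is non-interactive.
mode_report() {
    out=$(mktemp)
    openssl enc "-$2" -pbkdf2 -pass pass:demo-only -in "$1" -out "$out" &&
        repeated_blocks "$out"
    rc=$?
    rm -f "$out"
    return $rc
}

# Write a constructed plaintext modelled on the post's plaintext.txt to file $1.
make_plaintext() {
    unit='$100$100$100$100$100'
    {
        echo '100 dollar bill:'
        i=0
        while [ "$i" -lt 20 ]; do
            echo "$unit$unit$unit$unit"
            i=$((i + 1))
        done
        echo 'The end'
    } > "$1"
}

demo() {
    pt=$(mktemp)
    make_plaintext "$pt"
    echo "aes-256-ecb repeated blocks: $(mode_report "$pt" aes-256-ecb)"
    echo "aes-256-cbc repeated blocks: $(mode_report "$pt" aes-256-cbc)"
    rm -f "$pt"
}

demo
```

A non-zero count for the ECB file and zero for the CBC file reproduces what the hexdumps show by eye.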
