CBC Is Still Malleable

It may seem like the moral of this story is that ECB mode is terrible and that if you just avoid ECB mode you’re all set. So what mode would you pick then? CBC mode is widely used and is a default choice in some widely used crypto libraries. That might be a good choice, right? Well, CBC mode has flaws and should be avoided in new development.

Initialization vectors: an improvement #

CBC gets around ECB’s problem with repeated plaintext blocks by using an initialization vector, or IV. An IV is another input to an encryption operation that’s the same length as the block size. So instead of having this:

encrypt(plaintext, key)

We have this:

encrypt(plaintext, iv, key)

By using a unique initialization vector each time a message is encrypted with a given key, repeated blocks in the plaintext will be encrypted to different blocks in the ciphertext.

This can be seen more easily with a picture. In the following figure, we see that the IV is XOR’d with the first block of the plaintext.

Get hands-on with 1000+ tech skills courses.