
ECB Malleability

Explore the concept of ECB malleability to understand how attackers can rearrange encrypted blocks to forge messages without the encryption key. This lesson illustrates the risks posed by ECB mode, including examples of block manipulation in applications and web cookies, helping you grasp why ECB is insecure for sensitive data encryption.

Why is malleability a problem?

Malleability is another problem with ECB mode. A cryptosystem is malleable when an attacker can take parts of one or more encrypted messages and recombine them into a new ciphertext that decrypts to a meaningful forged message, all without knowing the key.

Remember that each block of the plaintext is encrypted completely independently, and each block of ciphertext is decrypted completely independently. A ciphertext block therefore still decrypts to its original plaintext block no matter where it is moved to, which is exactly what makes cut-and-paste forgery possible.

Editing encrypted data is made possible

So let’s say we have an application that maintains a list of admin accounts, followed by the delimiter “Banned user list,” followed by a list of banned users. And for security purposes, let’s suppose that it was decided to encrypt this list on disk using AES-ECB. If the legitimate plaintext was this:

admin1@bigco.com
admin2@bigco.com
in
...
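The cut-and-paste forgery described above, with a defender's check beside it, as an added example that is not part of the original lesson. It uses a constructed 16-byte-block Feistel cipher as a stand-in for AES (the malleability is a property of ECB mode, not of the block cipher), constructed sample keys, and constructed 16-byte records so that each record occupies exactly one block; the encrypt-then-MAC functions `seal`/`open_sealed` are hypothetical names added here to show how an integrity tag rejects the rearranged ciphertext.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit block, as in AES-ECB

def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 over (round index || half), truncated to 8 bytes.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for AES: a 4-round Feistel permutation on one 16-byte block.
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, r, right)))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, r, left))), left
    return left + right

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: every block is encrypted on its own, so block order carries no protection.
    return b"".join(block_encrypt(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, ct[i:i + BLOCK]) for i in range(0, len(ct), BLOCK))

def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    # Rearranging ciphertext blocks needs no key; this is the malleability the lesson describes.
    blocks = [ct[k:k + BLOCK] for k in range(0, len(ct), BLOCK)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)

def seal(enc_key: bytes, mac_key: bytes, pt: bytes) -> bytes:
    # Mitigation: encrypt-then-MAC. The tag binds the whole ciphertext, including block order.
    ct = ecb_encrypt(enc_key, pt)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes):
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None  # any rearranged or edited block fails verification before decryption
    return ecb_decrypt(enc_key, ct)

# Constructed sample data: each record is exactly one 16-byte block.
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
RECORDS = [b"admin1@bigco.com", b"admin2@bigco.com", b"Banned user list", b"mallory@evil.com"]
PLAINTEXT = b"".join(RECORDS)

def demo():
    forged = swap_blocks(ecb_encrypt(ENC_KEY, PLAINTEXT), 0, 3)       # banned user becomes admin
    sealed = seal(ENC_KEY, MAC_KEY, PLAINTEXT)
    tampered = swap_blocks(sealed[:-32], 0, 3) + sealed[-32:]          # same swap on the sealed file
    return ecb_decrypt(ENC_KEY, forged), open_sealed(ENC_KEY, MAC_KEY, tampered)
```

Even with a MAC attached, ECB still reveals which records repeat across files, so the tag stops forgery but an authenticated mode such as AES-GCM is the real fix.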