Cipher modes for symmetric encryption

  • Electronic Code Book Mode (ECB) (http://www.rsasecurity.com/rsalabs/faq/2-1-4-2.html)
    This mode encrypts all plaintext blocks independently. This means that two identical plaintext blocks are encrypted the same way. It’s a very fast mode (encryption can be done in parallel) but it is not as secure because certain patterns can be discovered in the resulting encrypted text. For example, I encrypted the message “aaaaaaaaeeeeeeeeaaaaaaaaaaaaaaaa” with DES/ECB. This is the encrypted text in an array of byte values:
    -74 -36 103 -124 95 62 54 -117
    70 -70 -61 -9 17 95 54 -114
    -74 -36 103 -124 95 62 54 -117
    -74 -36 103 -124 95 62 54 -117
    -88 109 -8 8 -14 -108 19 122 
  • Cipher Block Chaining Mode (CBC) ( http://www.rsasecurity.com/rsalabs/faq/2-1-4-3.html)
    This mode solves the problem of ECB by XOR’ring the result of the encryption of the previous block with the next block before encrypting the next block. It’s slower as it cannot be done in parallel. The method also uses an initialization vector (IV) as a seed. The first plaintext block is XOR’red with that seed. This ensures that two identical plaintext messages are not encrypted identically.
  • Cipher Feedback Mode (CFB) (http://www.rsasecurity.com/rsalabs/faq/2-1-4-4.html)
    This mode is similar to CBC except that it allows for processing smaller increments of plaintext instead of an entire block. It uses a “register” that has the size of a block and initally contains the seed (initialization vector). Everytime x number of bits are to be encrypted, they are XOR’red with the leftmost x bits in the register. The register is shifted left by x bits and the encrypted bits are appended to it. Since you can encrypt bytes at a time, it is useful for transmission of small chunks of data, eg. chat. But incorrectly transmitting one bit would result in a propagation of the error.
  • Output Feedback Mode (OFB) ( http://www.rsasecurity.com/rsalabs/faq/2-1-4-5.html )
    This mode is similar to CFB except that bit errors that occur during transmission are not propagated to affect the decryption of subsequent blocks.