Which of the following block cipher modes is best to use when needing to encrypt challenge-response values?
A.
CBC
B.
CFB
C.
OFB
D.
ECB
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
@ Admin: Still Not able to view answer & explanation for questions “1208 – 1213 & 1216” . Plz check and update.
0
0
The Answer should be Electronic Code Book Mode (ECB): This mode is the fastest and easiest and can be used to encrypt small amount of data such as PINs & Challenge-Response
0
0
Agree it should be ECB. B is wrong
0
0
Answer should be ECB.
“use it to encrypt small amounts of data, such as PINs, challenge-response values…”
source: All in one cissp, shon harris sixth edition, p.803
0
0
Admin: The answer should be D
Electronic Code Book Mode ECB mode operates like a code book. A 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced. For a given block of plaintext and a given key, the same block of ciphertext is always produced. Not all messages end up in neat and tidy 64-bit blocks, so ECB incorporates
padding to address this problem. ECB is the easiest and fastest mode to use, but as we will see, it has its dangers.
A key is basically instructions for the use of a code book that dictates how a block of text will be encrypted and decrypted. The code book provides the recipe of substitutions and permutations that will be performed on the block of plaintext. The security issue that comes up with using ECB mode is that each block will be encrypted with the exact same key, and thus the exact same code book. So, two bad things can happen here: an attacker could uncover the key and thus have the key to decrypt all the blocks of data, or an attacker could gather the ciphertext and plaintext of each block and build the code book that was used, without needing the key.
The crux of the problem is that there is not enough randomness to the process of encrypting the independent blocks, so if this mode is used to encrypt a large amount of data, it could be cracked more easily than the other modes that block ciphers can work in. So the next question to ask is, why even use this mode? This mode is the fastest and easiest, so we use it to encrypt small amounts of data, such as PINs, challenge-response values in authentication processes, and encrypting keys.
Because this mode works with blocks of data independently, data within a file do not have to be encrypted in a certain order. This is very helpful when using encryption in databases. A database has different pieces of data accessed in a random fashion. If it is encrypted in ECB mode, then any record or table can be added, encrypted, deleted, or decrypted independently of any other table or record. Other DES modes are dependent upon the text encrypted before them. This dependency makes it harder to encrypt and decrypt smaller amounts of text, because the previous encrypted text would need to be decrypted first. (Once we cover chaining in the next section, this dependency will make more sense.)
Because ECB mode does not use chaining, you should not use it to encrypt largeamounts of data, because patterns would eventually show themselves.
0
0