6

From http://php.net/manual/en/function.mcrypt-encrypt.php, I saw the following codes using AES with an IV in ECB mode,

<?php
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = "This is a very secret key";
    $text = "Meet me at 11 o'clock behind the monument.";
    echo strlen($text) . "\n";

    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
    echo strlen($crypttext) . "\n";
?>

But from wiki http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation, it says ECB does not need an IV. Is it really possible to use AES with an IV in ECB mode? In this ECB mode, will the additional IV provide a little bit more security comparing to when it is not used?

bobo
  • 8,439
  • 11
  • 57
  • 81
  • Famous words by Marsh Ray: "Everybody knows ECB mode is bad because we can see the penguin." He's talking about image of tux encrypted with AES in ECB mode compared to the plain image. Although encrypted you can see that it contains penguin. It is because each block of plain text is encrypted with the same key so similar blocks result in the similar cypher text due to lack of chaining and IV (that give you different cypher for similar blocks of data). ECB does not use IV. – nethero Sep 17 '19 at 05:57

4 Answers4

21

There's no way to use an IV in ECB mode. This is kind of moot, however, as you should

Never Ever use ECB mode for Anything, Ever*.

In more general terms, you probably shouldn't be using crypto primitives directly, but rather using a crypto library like keyczar that abstracts away these sorts of decisions.

** Actually, there are some very specialized uses for ECB, such as 'secure' pseudorandom permutations - but you certainly shouldn't be using ECB for anything related to encrypting data.

Nick Johnson
  • 100,655
  • 16
  • 128
  • 198
10

ECB doesn't perform chaining between blocks so there is no way to use IV. mcrypt uses the same APi for all modules. The IV is simply ignored for ECB because the ECB module has following function defined as,

int _has_iv() { return 0; }
ZZ Coder
  • 74,484
  • 29
  • 137
  • 169
7

First of all, you wouldn't have anywhere to put this IV. ECB works by taking plaintext blocks one by one and encrypting them with the key to produce the corresponding ciphertexts. There is just no place to use the IV. This is how much the theory says.

I don't know the details of how mcrypt_encrypt works, but I would suspect that when using ECB it just does not use the IV. Try it out by encrypting in ECB providing different IVs. If the result is the same, the function just doesn't use IV.

Kris
  • 1,388
  • 6
  • 12
  • You have suggested a good way to test it out if nobody knows the answer. Thank you for your reply. – bobo Nov 25 '09 at 10:58
0

ECB is perfectly acceptable for Counter (CTR) Mode Encryption/Decryption: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29

NOTE that CTR Decryption is CTR Encryption.

swooby
  • 3,005
  • 2
  • 36
  • 43