XCRYPT - Cipher Types

OVERVIEW

The xcrypt program offers various different encryption types. This section discusses the benefits and otherwise of each. At the time of writing this is described in detail at http://en.wikipedia.org/wiki/Cipher_block_chaining. For a more accurate description I suggest reading that. This section summarizes the types as they relate to xcrypt.

The way the AES (AKA Rijndael) algorithm works is that it takes a data block consisting of 16 bytes, scrambles them and changes them based on a key, and produces a 16 byte "scrambled" block of data. There is a "reverse" algorithm that can use the key to restore the scrambled data to the original. The way this is used varies depending on cipher type.

All ciphers in xcrypt use an "Initialization Vector", or "IV" for short. This is a 16 byte value that is generated using random numbers at time of encryption (if not supplied by the user). This need not be secret; its purpose is to ensure that the same key and input data will not generate the same encrypted data twice, so it IS important that it is unique. It will not jeopardize security if this is published (in fact, there is no benefit in keeping it secret). The exact way the IV is used also varies depending on cipher type.

In all ciphers the "Exclusive Or" algorithm is used. To explain this operation consider the following: There are two pieces of "input" data of the same length (like an input block and an IV) and a third piece of "output" data of the same length is produced. This is achieved by the routine examining each respective bit of each input data item in turn. If the bits are the same (both "1" or both "0") then the respective product bit is "0"; if they are different (one "1", the other "0") then it is "1". For instance:

DataA:    10101010
DataB:    11001100
EOR Prod: 01100110

This algorithm is "reversible"; for instance, in the above example, not only does DataA EOR DataB = Prod but DataA EOR Prod = DataB etc. However, if only one data item is known it is impossible to guess what either of the other two are.

BLOCK CIPHERS

Block ciphers divide the original data into 16 byte "blocks", then encrypt each block in turn. The last block of the data is treated specially. If it is less than 16 bytes long then the block is padded out using NULL bytes, with the last byte being the number (in raw format) of bytes padded out. If the last block is 16 characters long then another block is appended consisting of 15 NULL characters and the last byte having the value 16. This means that between 1 and 16 bytes are always added onto the end of the file.
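The padding rule above as an added Python example (not xcrypt's own code). The function names are hypothetical, and the checks in unpad are an assumption about how a decrypting side might validate the pad before stripping it.

```python
BLOCK = 16

def pad(data: bytes) -> bytes:
    # Number of bytes to add is always 1..16, never 0: a full final
    # block gets a whole extra block of 15 NULLs plus the count byte 16.
    n = BLOCK - (len(data) % BLOCK)
    return data + b"\x00" * (n - 1) + bytes([n])

def unpad(padded: bytes) -> bytes:
    # Assumed validation: reject anything that pad() could not have produced.
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of 16")
    n = padded[-1]                      # raw count stored in the last byte
    if not 1 <= n <= BLOCK:
        raise ValueError("pad count out of range")
    if any(padded[-n:-1]):              # the n-1 bytes before the count must be NULL
        raise ValueError("pad bytes are not NULL")
    return padded[:-n]

if __name__ == "__main__":
    for sample in (b"", b"abc", b"A" * 15, b"A" * 16):   # constructed inputs
        p = pad(sample)
        print(len(sample), "->", len(p), p[-4:].hex())
        assert unpad(p) == sample
```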

ECB

Electronic Code Book

This simply scrambles the data blocks, the scrambled product being the encrypted data. The xcrypt encrypt routine differs slightly from the standard in that it EORs each block with the IV before the AES scramble algorithm is performed.

This is considered weak as an encryption type. Identical blocks of data in the input produce identical blocks of encrypted output, making it possible for an attacker examining the data to see patterns, especially in uncompressed data.

This is also quite strongly protected against "data alteration". Any alteration to the data would mean that particular block would produce unpredictable random data on decryption.

ECBCTR

Electronic Code Book Counter

This is similar to xcrypt's ECB encryption type, but with the exception that 1 is added to the IV before each block is encrypted.

This is considered a strong encryption type. Identical blocks of data in the input do not produce identical blocks of encrypted output meaning that patterns are not evident in the encrypted data.

This is also quite strongly protected against "data alteration". Any alteration to the data would mean that particular block would produce unpredictable random data on decryption.

CBC

Cipher Block Chaining

This is the default.

For encryption, this EORs the input with the IV then scrambles that. The output is both the encrypted data and the IV for the next block of data.

This is a strong encryption. No patterns are evident in the encrypted data, even if they are prominent in the decrypted data.

This does have a weakness regarding "data alteration". Any alteration to the data would mean that particular block would produce random data on decryption; however, the respective "bits" in the next block would be flipped.
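The ECB pattern leak and the CBC alteration behaviour described above, as an added Python example (not xcrypt's code). A small Feistel construction stands in for the AES scramble so the block runs with the standard library only; the key, IV, plaintext and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def scramble(key, block):
    # Stand-in for AES (NOT AES): a 4-round Feistel network, which is a
    # keyed and invertible permutation of 16-byte blocks.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def unscramble(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, iv, data):
    # xcrypt's ECB variant as described above: every block is EORed with the same IV.
    return b"".join(scramble(key, xor(b, iv)) for b in blocks(data))

def cbc_encrypt(key, iv, data):
    out = []
    for b in blocks(data):
        iv = scramble(key, xor(b, iv))   # the ciphertext block is the next IV
        out.append(iv)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out = []
    for c in blocks(data):
        out.append(xor(unscramble(key, c), iv))
        iv = c
    return b"".join(out)

def flip_bit(data, index, mask=0x01):
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

# Constructed sample values: three identical 16-byte plaintext blocks.
KEY, IV, PLAIN = b"constructed-key!", bytes(range(16)), b"A" * 48
```

ecb_encrypt(KEY, IV, PLAIN) yields three identical ciphertext blocks, while cbc_encrypt does not. Decrypting flip_bit(cbc_encrypt(KEY, IV, PLAIN), 3) garbles plaintext block 0, flips the same bit in block 1 and leaves block 2 intact.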

STREAM CIPHERS

With stream ciphers the input does not go through the scrambling routine, but the IV does, producing unpredictable random data which the input is EORed with to produce the encrypted data. This has the advantage that the input can be encrypted a byte at a time; there is no need to wait for a whole block of 16 bytes to be read prior to encryption happening.

For this reason it can be preferable to use this form if xcrypt is used in a pipe and the decrypted bytes are required to be output immediately. Therefore xcrypt switches off internal buffering by default when a stream cipher is used (it can be switched on using the "buffering=on" operand).

CFB

Cipher Feed Back

This is the default stream cipher, and the best of this class in my opinion, though I believe CBC is the best altogether.

For encryption, this scrambles the IV, then that is EORed with the first 16 bytes of the input to produce the encrypted data. After 16 bytes of encrypted data are produced, that encrypted data is used as the IV, and is scrambled to be EORed with the next 16 bytes of input data and so on.

This is a strong encryption, and no patterns are replicated in the encrypted data.

However, this is not so well behaved on data alteration. Any data alteration in the encrypted data is reflected in the decrypted "block" (16 bytes) of code (ie - the same "Bit Flips"), though the following block would produce 16 bytes of unpredictable random data.

CFB1

Cipher Feed Back - 1 Bit

For encryption, this will scramble the IV, take the first bit of the scrambled product and EOR it with the first bit of the data; the answer to that is the first bit of the encrypted data. This bit is also appended to the IV and the bits of the IV are then "shifted" one place to the left. This new IV is then used to repeat the process for the second bit and so on.

This is a strong encryption, and any alteration of the encrypted data would produce 1 identical "bit flip" for one bit then 16 bytes of unpredictable random data on decryption. However, this would be relatively slow as it requires 128 times as much processing as any block cipher, or "normal" stream cipher.

CFB8

Cipher Feed Back - 8 Bit

For encryption, this will scramble the IV, take the first byte of the scrambled product and EOR it with the first byte of the data; the answer to that is the first byte of the encrypted data. This byte is also appended to the IV and the bytes of the IV are then "shifted" one place to the left. This new IV is then used to repeat the process for the second byte and so on.

This is a strong encryption, and any alteration of the encrypted data would produce 1 byte with identical "bit flips" then 16 bytes of unpredictable random data on decryption. However, this would be relatively slow as it requires 16 times as much processing as any block cipher, or "normal" stream cipher.

CTR

Counter

For encryption, this will scramble the IV, and use that to EOR with the input to produce encrypted data. Then 1 is added to the IV before this process is used to encrypt the next 16 bytes and so on.

This is a strong encryption as long as the IV is unique, and totally crackable if it is not. Also it is very weak regarding data alteration. Any alteration of the encrypted data would produce the same "bit flips" in the decrypted data, and no unpredictable random data at all. It is recommended that this is not used in normal circumstances, and only used when secrecy is the only issue, not authenticity.

OFB

Output Feed Back

For encryption, this will scramble the IV, and use that to EOR with the input to produce encrypted data. It will then scramble the scrambled IV to EOR the next 16 bytes, and so on.

This is a strong encryption as long as the IV is unique, and totally crackable if it is not. Also it is very weak regarding data alteration. Any alteration of the encrypted data would produce the same "bit flips" in the decrypted data, and no unpredictable random data at all. It is recommended that this is not used in normal circumstances, and only used when secrecy is the only issue, not authenticity.
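The two weaknesses stated for CTR and OFB, shown for CTR as an added Python example (not xcrypt's code); OFB behaves the same way because both modes EOR the input with a keystream that depends only on the key and IV. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES scramble, the IV is incremented as a big-endian number, and the integrity tag (seal/verify) is an illustration of an authenticity check, not an xcrypt feature; all names and sample values are constructed.

```python
import hashlib
import hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def scramble(key, block):
    # Stand-in for the AES scramble (NOT AES); CTR only uses the forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:16]

def ctr_crypt(key, iv, data):
    # Encrypts and decrypts: EOR the data with scramble(IV), scramble(IV+1), ...
    counter = int.from_bytes(iv, "big")        # assumption: big-endian increment
    out = bytearray()
    for i in range(0, len(data), 16):
        out += xor(data[i:i + 16], scramble(key, counter.to_bytes(16, "big")))
        counter = (counter + 1) % (1 << 128)
    return bytes(out)

def flip_bit(data, index, mask=0x01):
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

def seal(mac_key, iv, ciphertext):
    # Integrity tag over IV and ciphertext, computed with a separate key.
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()

def verify(mac_key, iv, ciphertext, tag):
    return hmac.compare_digest(seal(mac_key, iv, ciphertext), tag)

# Constructed sample values.
KEY, MAC_KEY = b"constructed-key!", b"constructed-mac!"
IV = bytes(15) + b"\x01"
MSG_A = b"first constructed sample message"
MSG_B = b"another made-up line of the same"

CT_A = ctr_crypt(KEY, IV, MSG_A)
CT_B = ctr_crypt(KEY, IV, MSG_B)               # same key and IV: the failure case
TAG_A = seal(MAC_KEY, IV, CT_A)
TAMPERED = flip_bit(CT_A, 4)                   # one bit altered in transit

if __name__ == "__main__":
    print("keystream cancels:", xor(CT_A, CT_B) == xor(MSG_A, MSG_B))
    print("tampered decrypts to:", ctr_crypt(KEY, IV, TAMPERED))
    print("tag accepts tampered data:", verify(MAC_KEY, IV, TAMPERED, TAG_A))
```

With a repeated IV the EOR of the two ciphertexts equals the EOR of the two plaintexts, so the keystream drops out without the key. The altered ciphertext decrypts cleanly apart from the one flipped bit, and only the tag check reports the change.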