AES ECB vs CBC

-

Which encryption to use ?

ECB is faster. ECB, Electronic Code Book, encrypts two identical blocks into two identical cipher texts. Because of this, it is considered insecure.

CBC is slower. CBC, Cipher Block Chaining, involves XORing the plaintext of each block with the previous block’s ciphertext before encrypting. This ensures that if two blocks of plaintext are identical they will produce totally unrelated ciphertext blocks. The “slower” is due to the time required to perform the XOR operation.



Using ecb:

Key used: 14SZXSWWcB1MXZD09Y1tMOri2kYRsUAHBpjXULetJ8s=

Plain text 1: sahkfaskjdaasfhkasfasdf


Cipher text: y3Pjdo1Ffkc0Db4IRBRKOPQIerrifGgAiZA8uUS8yLc=


Now changing plain text 1 on second position (a changes to c) 

Plain text 2: schkfaskjdaasfhkasfasdf


Cipher test generated: 4uAHU8xLRn/iX+udKBLxjPQIerrifGgAiZA8uUS8yLc=



Here ecb generates identical cipher (only first characters have changed)


Encryption with mysql:
SET SESSION block_encryption_mode = 'aes-256-ecb';
select TO_BASE64(AES_ENCRYPT('sahkfaskjdaasfhkasfasdf', (FROM_BASE64('14SZXSWWcB1MXZD09Y1tMOri2kYRsUAHBpjXULetJ8s='))));



Using CBC

Key used: 14SZXSWWcB1MXZD09Y1tMOri2kYRsUAHBpjXULetJ8s=

Plain text 1: sahkfaskjdaasfhkasfasdf

IV : lkfkeitpsksn3lir


Cipher: zRhvPaFCOqrV0F6WjnGYxSEEFzxDNkFgEaScvmrlAqw=


Plain test 2 : schkfaskjdaasfhkasfasdf


Cipher : pMVYPJME4aU7aZPuJ335KdzT2TvLvxYBzX3wdh0FWGU=


Here cbc generates completely new cipher (although the plain text is identical)



Mysql implementation:

SET SESSION block_encryption_mode = 'aes-256-cbc';

select to_base64(AES_ENCRYPT('sahkfaskjdaasfhkasfasdf', (FROM_BASE64('14SZXSWWcB1MXZD09Y1tMOri2kYRsUAHBpjXULetJ8s=')),'lkfkeitpsksn3lir'));




Key note:
The key must be 16/24/32 bytes long. Generating random key with openssl:
openssl rand -base64 16/24/32


The initialization vector must be 16 bytes long.

Comments

Post a Comment

Popular posts from this blog

Brief Look Into Mysql Enterprise Audit

-
Image
When installed, the audit plugin enables MySQL Server to produce a log file containing an audit record of server activity. The log contents include when clients connect and disconnect, and what actions they perform while connected, such as which databases and tables they access. Installation and Uninstallation of Audit To be usable by the server, the plugin library must be located in MYSQL plugin dir(select @@plugin_dir) Cd /usr/share/mysql-8.0/ Mysql -uroot -p < audit_log_filter_linux_install.sql Uninstallation DROP TABLE IF EXISTS mysql . audit_log_user ; DROP TABLE IF EXISTS mysql . audit_log_filter ; UNINSTALL PLUGIN audit_log ; DROP FUNCTION audit_log_filter_set_filter ; DROP FUNCTION audit_log_filter_remove_filter ; DROP FUNCTION audit_log_filter_set_user ; DROP FUNCTION audit_log_filter_remove_user ; DROP FUNCTION audit_log_filter_flush ; DROP FUNCTION audit_log_encryption_password_get ; DROP FUNCTION audit_log_encryption_password_set ; DROP FUNCTION ...
Read more

Mysql CharacterSet and Collation

-
Image
Character set is a set of symbols and encodings, whereas collation is a set of rules for comparing characters in a character set. Let’s understand the concept with an example:- Suppose we have an alphabet with 4 letters: A,B,a,b. We give each letter a number: A=0, B=1, a=2, b=3. The letter A is a symbol, 0 is the encoding for A. The combination of all 4 letters and their encodings is a character set. Suppose we want to compare two string values A and B, the simplest way to do so is using encodings: 0 for A and 1 for B. As 0 is less than 1, we say A is less than B. Here, we’ve just applied a collation to our character set. Hence, collation is a set of rules (only one rule here, to compare the encodings). There may be different types of collations available like:- ci/cs: (case insensitive/ case sensitive) : it has a separate rule in case of case insensitivity, i.e. upper and lower case are the same. ai/as: (accent sensitive/accent insensitive): many of character sets may not just have al...
Read more

Mysql Enterprise Thread Pool

-
Image
  Mysql enterprise edition comes with enterprise thread pool, implemented using server plugin. By default mysql handles statements using one thread per client connection, which is fine for a small number of clients but as more clients connect to server and execute statements, the performance degrades.  Greater is the number of threads, greater parallelism is obtained. Sometimes greater parallelism can create bottlenecks on servers. The disadvantages of unwanted parallelism are:-   Too many threads make CPU cache almost useless in highly parallel workloads. Thread pool limits the thread executing in parallel to minimize the cpu cache footprint.   With too many threads executing in parallel, context switching overhead is high. This presents a challenge to the operating system scheduler. The thread pool controls the number of active threads to keep the parallelism within the MySQL server at a level that it can handle. Too many transactions executing in parallel increas...
Read more