If there was a problem, yo I’ll solve it!
After quite a long break, I’m back to work on the Cryptopals challenges. Spoiler alert: if you haven’t done the challenges yet, and you plan on doing so, don’t read this post — it will give away key information that you need to learn on your own.
With that out of the way, let’s explore Set 2 / Challenge 11, “An ECB/CBC detection oracle”. I’ve had a lot of trouble with this particular challenge, to say the least. The idea is to encrypt a chosen plaintext with either ECB or CBC mode, chosen randomly, and write code to detect which is being used. This post will be, in part, a stream-of-consciousness, as I figure out what the problem may be with my code.
The key, as far as I can tell, is to append 5-10 bytes (count chosen randomly) before and after the plaintext. I know this is important because ECB mode, given the same plaintext block (16 bytes) and the same key (again, 16 bytes) will produce the same ciphertext (not to mention, the authors put that clue in italics). However, I haven’t been able to see this pattern in the ciphertext bytes I’m logging to the console, and therefore haven’t been able to tell the difference between ECB and CBC (CBC mode doesn’t have this weakness).
So, what am I doing wrong? There are a few possibilities. One possibility is that my plaintext is too short, such that the 5-10 bytes being appended are part of the same block, and won’t be repeated. In other words, if my plaintext is “zeldaSECRETzelda”, I won’t see repeated bytes because “zelda” is in the same block both times.
Another possibility is that ECB padding is screwing things up somehow…I had to add a switch in the code for CBC mode when I implemented CBC in terms of ECB as part of an earlier challenge.
I just had a thought: it doesn’t matter if part of a piece of text is repeated — it only matters if an entire block is repeated! All this time, I’ve been working under the subconscious assumption that if my appended bytes are repeated anywhere, they’ll be repeated in the ciphertext, but that just isn’t the case. Since I choose the plaintext, I should be able to make the repetition happen (it has to be possible, or this challenge would be unsolvable).
And just like that, I think I’m halfway to a solution for Challenge 11! I’m going to get to work, constructing plaintext that will give me the repetition I need to detect ECB mode. More to come…