3DES key modes: CBC, CFB8, CFB, OFB and ECBWith 3DES encryption, we use a 128-bit key and a 64-bit IV value. The two modes supported are ECB (without salt) and CBC (with salt). The DES algorithm has been around for a long time, and the 56-bit version is now easily crackable (in less than a day on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (with a combination of the three keys - of which two of the keys are the same). In this case we will use PKCS7 padding, and which fills the input data with a value that is equal to the number of padding bytes. Overall, DES has a 64-bit block size, and which equates to eight ASCII characters. |
Outline
With 3DES encryption, we use a 128-bit key and a 64-bit IV value. The two modes supported are ECB (without salt) and CBC (with salt). The DES algorithm has been around for a long time, and the 56-bit version is now easily crackable (in less than a day on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (with a combination of the three keys - of which two of the keys are the same). In this case we will use PKCS7 padding, and which fills the input data with a value that is equal to the number of padding bytes. Overall, DES has a 64-bit block size, and which equates to eight ASCII characters.
Basically, we have basic classifications for the modes of operation:
- Mode With Initialization Vector (IV): CBC, CFB8, CFB, and OFB.
- Mode: ECB.
Code
Hazmat code is:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes import os import sys from cryptography.hazmat.primitives import padding mode=0 message="This is a test" if (len(sys.argv)>1): message=sys.argv[1] if (len(sys.argv)>2): mode=int(sys.argv[2]) iv = os.urandom(8) key = os.urandom(16) padder = padding.PKCS7(64).padder() unpadder = padding.PKCS7(64).unpadder() algorithm = algorithms.TripleDES(key) cipher = None if (mode==0): cipher = Cipher(algorithms.TripleDES(key), modes.CBC(iv)) if (mode==1): cipher = Cipher(algorithms.TripleDES(key), modes.OFB(iv)) if (mode==2): cipher = Cipher(algorithms.TripleDES(key), modes.CFB(iv)) if (mode==3): cipher = Cipher(algorithms.TripleDES(key), modes.CFB8(iv)) if (mode==4): cipher = Cipher(algorithms.TripleDES(key), modes.ECB()) str=padder.update(message.encode())+padder.finalize() encryptor = cipher.encryptor() ct = encryptor.update(str) decryptor = cipher.decryptor() rtn=unpadder.update(decryptor.update(ct) + decryptor.finalize())+unpadder.finalize() print("Type:\t\t",cipher.algorithm.name) print("Mode:\t\t",cipher.mode.name) print("Message:\t",message) print("Key:\t\t",key.hex()) if (mode!=4): print("\nIV:\t\t",iv.hex()) print("\nCipher:\t\t",ct.hex()) print("Decrypted:\t",rtn.decode())
For CBC, we get:
Type: 3DES Mode: CBC Message: Hello Key: 7f5d7c3d2b2bfb8e4427122f7570dd52 IV: 0bc58cdb57a5f607 Cipher: 2d2e5ab595c79d21 Decrypted: Hello