Chapter 3 Cryptography 37
Cryptography Overview
Block Ciphers
Block ciphers encrypt data block-by-block. They can encrypt each block separately as
in ECB mode, or they can use other modes to make the cipher less vulnerable to
attacks based on regular patterns. A mode of operation usually combines the
underlying cipher with feedback and other simple operations. The security remains a
function of the cipher and not of the mode. See “Modes of Operation” on page 41 for
more information.
Padding
When you encrypt a message using a block cipher, usually your message length will
not be a multiple of the block size. Some modes can deal with variable size blocks, but
others require the message be a multiple of the block size. For these modes, padding
provides a solution to this problem. To pad, you add a regular pattern of bytes to the
end of the last block to make it a complete block. With padding, the actual number of
bytes encrypted can be as much as one block more than the original data.
Ciphers in Crypto-C
Crypto-C implements the following block ciphers:
• DES
• Triple DES
• DESX
• RC2
• RC5
• RC6
• AES
DES
The Digital Encryption Standard, DES, is a commercial encryption US standard that
has been available for over 15 years. The federal standard document FIPS PUB 46-2
describes the algorithm.
For DES, the block size is eight bytes. Therefore, the input must be a multiple of eight
bytes, or else it must be padded to be a multiple of eight bytes for DES to operate in
CBC or ECB modes properly. The key consists of 56 random bits and 8 parity bits,
forming a 64-bit, or 8-byte, key.
