1
00:00:02,470 --> 00:00:09,610
Let's now examine block cipher modes. As you now know, you have to split a variable-length plaintext into

2
00:00:09,610 --> 00:00:11,380
two fixed length blocks.

3
00:00:13,640 --> 00:00:16,600
The length is determined by the algorithm that you want to use.

4
00:00:18,480 --> 00:00:24,550
The way in which blocks are split is critical for the security of the entire ciphertext.

5
00:00:24,720 --> 00:00:27,160
We're moving into cryptographic systems now.

6
00:00:28,910 --> 00:00:35,080
Even a very secure algorithm, if it's ill implemented, poses the ciphertext to be extremely vulnerable.

7
00:00:36,020 --> 00:00:37,420
We'll prove it in a moment.

8
00:00:41,530 --> 00:00:44,920
How can you transform data streams into fixed length blocks?

9
00:00:47,040 --> 00:00:52,880
There are several common block cipher modes of operation.

10
00:00:52,890 --> 00:00:58,230
The first is rather euphemistically called the electronic codebook mode, ECB.

11
00:01:00,860 --> 00:01:07,280
The second mode of operation is cipher block chaining, CBC.

12
00:01:07,410 --> 00:01:12,780
The third block cipher is the counter mode, CTR.

13
00:01:12,830 --> 00:01:17,020
Finally there are two similar modes of operation that we'll mention together.

14
00:01:17,240 --> 00:01:28,460
There are the so-called feedback modes CFB and OFB.

15
00:01:28,500 --> 00:01:30,790
Let's start with the electronic codebook mode.

16
00:01:31,710 --> 00:01:33,670
I assume you're a programmer.

17
00:01:34,100 --> 00:01:40,850
Your task is to split a long block into pieces. You need to perform the same operation on each piece.

18
00:01:41,650 --> 00:01:43,610
What should you do in this case?

19
00:01:44,720 --> 00:01:48,820
Write a loop. Split the data into pieces.

20
00:01:49,010 --> 00:01:51,900
Encrypt the first one and then another one and so on.

21
00:01:53,870 --> 00:01:57,020
This is how the electronic codebook mode of operation works.

22
00:01:58,810 --> 00:02:03,420
The plaintext is split into blocks of the same length and each block is encrypted separately.

23
00:02:07,250 --> 00:02:12,230
First, this means that if the plaintext in two blocks repeats, you'll receive two ciphertexts that are

24
00:02:12,230 --> 00:02:13,520
the same.

25
00:02:13,580 --> 00:02:17,500
Each block will be encrypted into the same form.

26
00:02:17,500 --> 00:02:19,180
This is not a good solution.

27
00:02:22,350 --> 00:02:27,340
Secondly, this allows you to modify the ciphertext in a way that is transparent for the recipient.

28
00:02:29,110 --> 00:02:34,780
You can insert some blocks into the ciphertext, encrypt them, and thus change the content of the original

29
00:02:34,780 --> 00:02:35,550
message.

30
00:02:37,330 --> 00:02:43,700
The electronic codebook mode causes the security of the cipher to become non-existent.

31
00:02:43,710 --> 00:02:49,290
You should not use it under any circumstances. Other modes don't have these shortcomings.

32
00:02:52,170 --> 00:02:53,160
Let's take a look at the

33
00:02:53,170 --> 00:02:55,810
cipher block chaining mode.

34
00:02:56,000 --> 00:03:02,890
The point here is finding some relationship between individual blocks. As we have seen before, separate

35
00:03:02,900 --> 00:03:04,850
encryption is not the best idea.

36
00:03:06,160 --> 00:03:11,650
That's why cipher block chaining mode encryption involves XORing, combining the first block after

37
00:03:11,650 --> 00:03:15,480
encryption with the next block.

38
00:03:15,650 --> 00:03:20,800
The second block is also encrypted, XORed and combined with the third block and so on.

39
00:03:22,530 --> 00:03:26,010
This is a simple and elegant solution.

40
00:03:26,030 --> 00:03:31,390
There's one problem though: what to do with the first block?

41
00:03:31,500 --> 00:03:32,150
There's nothing to

42
00:03:32,140 --> 00:03:37,220
combine it with. We must use an initialization vector of some sort.

43
00:03:40,720 --> 00:03:47,870
What are the advantages of cipher block chaining mode? First of all, the initialization vector does not

44
00:03:47,870 --> 00:03:49,410
have to be encrypted.

45
00:03:49,880 --> 00:03:53,490
It's a pseudo random string.

46
00:03:53,530 --> 00:03:59,380
There's no point in encrypting something that is already random to make it more random. Remember Kerckhoffs's

47
00:03:59,390 --> 00:04:08,300
principle: the security of the ciphertext must depend solely on the security of the key.

48
00:04:08,340 --> 00:04:13,170
The second strength of this mode is that if you encrypt the same data using the same key, the output

49
00:04:13,200 --> 00:04:15,700
will be different.

50
00:04:15,700 --> 00:04:18,330
This is because the initialization vector is random.

51
00:04:23,020 --> 00:04:29,450
Also, if during transmission the message block becomes corrupted, it doesn't cause further damage.

52
00:04:30,820 --> 00:04:33,080
Obviously more people to the block.

53
00:04:33,310 --> 00:04:35,700
But this doesn't affect other blocks.

54
00:04:37,570 --> 00:04:45,890
If you combine the corrupted parts using the XOR operation, it will all be cancelled out. Other blocks

55
00:04:45,890 --> 00:04:52,950
will be readable and decryptable. Cipher block chaining mode is the default block cipher mode of

56
00:04:52,950 --> 00:05:01,820
operation utilized in nearly all Microsoft solutions.

57
00:05:01,840 --> 00:05:05,540
Let's move on to the OFB and CFB feedback modes.

58
00:05:06,970 --> 00:05:12,040
The concept involved here is a bit different in that a simulation is performed that essentially changes

59
00:05:12,040 --> 00:05:16,570
a block cipher into a stream cipher.

60
00:05:16,590 --> 00:05:23,270
How can this be attempted? If you generated a key that has the same length as the plaintext.

61
00:05:23,270 --> 00:05:30,140
This would in fact create a stream cipher. Using the XOR operation, key bits are combined with plaintext

62
00:05:30,240 --> 00:05:34,050
bits. The implementation is as follows.

63
00:05:36,510 --> 00:05:39,320
Both modes contain shift registers.

64
00:05:39,570 --> 00:05:41,310
You've seen bit shifting before.

65
00:05:46,880 --> 00:05:52,430
Shifting in the two modes differs in that the operation is applied either at the start before encrypting

66
00:05:52,700 --> 00:05:59,730
or after encrypting. The bits will be shifted in one place or the other.

67
00:05:59,730 --> 00:06:08,110
This is the difference between CFB and OFB. At any rate, you need an initialization vector.

68
00:06:10,230 --> 00:06:13,590
It'll be the starting point to a cipher function.

69
00:06:13,640 --> 00:06:20,840
Remember that a key of an appropriate length has to be generated. Next, select initialization vector

70
00:06:20,850 --> 00:06:29,530
bits and XOR them with plaintext bits. The output of this process is the first encrypted block.

71
00:06:29,580 --> 00:06:31,900
It is then shifted and the operation repeats.

72
00:06:37,310 --> 00:06:47,360
The last mode we'll mention is the counter mode, CTR. This mode of operation has gained wide popularity.

73
00:06:47,470 --> 00:06:53,020
One of the strengths it has is that you can decrypt a selected part of the ciphertext.

74
00:06:53,120 --> 00:06:54,830
You don't have to decrypt the whole of it.

75
00:06:58,180 --> 00:07:02,020
This idea is similar to the one applied in the previously mentioned modes.

76
00:07:04,280 --> 00:07:10,970
After selecting an initialization vector, encrypt it, thus making the key longer, and then combine it using

77
00:07:10,970 --> 00:07:13,220
the XOR operation with the plaintext.