As a software developer, you are implementing a security function to protect data in transit using DES-EDE3-CBC. Which of the following is not correct?
A. DES is iterated three times using three distinct keys.
B. Encryption is sequential, but decryption can be parallelized.
C. An Initialization Vector (IV) shall use a strong password and be kept secret.
D. An Initialization Vector (IV) is XOR’d with the first 64-bit plaintext block only.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. An Initialization Vector (IV) shall use a strong password and be kept secret.
An Initialization Vector (IV) is a random number, typically a number used once, aka a nonce. It is used to remove repeated patterns in ciphertext and so increase the work factor of cryptanalysis. A strong password is not random, so it is not suitable to serve as an IV. According to Kerckhoffs’s principle, only the key is the secret to be protected in a cryptosystem.
Kerckhoffs’s principle (also called Kerckhoffs’s desideratum, assumption, axiom, doctrine or law) of cryptography was stated by the Netherlands-born cryptographer Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Because DES is cracked by the meet-in-the-middle approach, DES-EDE3 (Triple DES) iterates DES three times (encryption-decryption-encryption) using three distinct keys (K1, K2, and K3) to increase the work factor.
Cipher block chaining (CBC)
In CBC mode, encryption is sequential, but decryption can be parallelized.
Ehrsam, Meyer, Smith and Tuchman invented the cipher block chaining (CBC) mode of operation in 1976. In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.
Decrypting with an incorrect IV corrupts the first block of plaintext, but subsequent plaintext blocks will be correct. This is because each block is XORed with the ciphertext of the previous block, not the plaintext, so one does not need to decrypt the previous block before using it as the IV for the decryption of the current one. This means that a plaintext block can be recovered from two adjacent blocks of ciphertext. As a consequence, decryption can be parallelized.
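The CBC and EDE3 properties discussed above, as an added example that is not part of the original post. It uses a constructed, invertible 64-bit keyed permutation as a stand-in for single DES (it is not DES and offers no security), so that the CBC structure itself can be checked: the IV is XORed into the first block only, each plaintext block is recovered from just two adjacent ciphertext blocks, a wrong IV corrupts only the first block, and EDE with K1 = K2 = K3 collapses to a single encryption. Keys, IV and plaintext are constructed sample values.

```python
MASK64 = (1 << 64) - 1
ODD = 0x9E3779B97F4A7C15            # odd, so multiplication mod 2**64 is invertible
ODD_INV = pow(ODD, -1, 1 << 64)

def _e(key: int, block: int) -> int:
    """Stand-in 64-bit keyed permutation (NOT DES): one 'E' step."""
    return (((block ^ key) * ODD) & MASK64) ^ (key >> 1)

def _d(key: int, block: int) -> int:
    """Exact inverse of _e: one 'D' step."""
    return (((block ^ (key >> 1)) * ODD_INV) & MASK64) ^ key

def ede3_encrypt_block(k1: int, k2: int, k3: int, block: int) -> int:
    """EDE3: Encrypt with K1, Decrypt with K2, Encrypt with K3 (three distinct keys)."""
    return _e(k3, _d(k2, _e(k1, block)))

def ede3_decrypt_block(k1: int, k2: int, k3: int, block: int) -> int:
    """Inverse order: D(K3), E(K2), D(K1)."""
    return _d(k1, _e(k2, _d(k3, block)))

def cbc_encrypt(keys, iv: int, blocks):
    """Sequential: block i is XORed with ciphertext i-1 (the IV is used for the first block only)."""
    out, prev = [], iv
    for p in blocks:
        prev = ede3_encrypt_block(*keys, p ^ prev)
        out.append(prev)
    return out

def cbc_decrypt_block(keys, prev_c: int, c: int) -> int:
    """Recovers one plaintext block from two adjacent ciphertext blocks, nothing else."""
    return ede3_decrypt_block(*keys, c) ^ prev_c

def cbc_decrypt(keys, iv: int, blocks):
    """No block depends on another block's decryption, so this map can run in parallel."""
    chain = [iv] + list(blocks)
    return [cbc_decrypt_block(keys, chain[i], chain[i + 1]) for i in range(len(blocks))]

def demo():
    """Constructed keys, IV and plaintext (three identical 64-bit blocks)."""
    keys = (0x0123456789ABCDEF, 0xFEDCBA9876543210, 0x1122334455667788)
    iv = 0x5A5A5A5A5A5A5A5A   # sample only; a real IV is fresh random bytes, e.g. os.urandom(8)
    plaintext = [0x4142434445464748] * 3
    ct = cbc_encrypt(keys, iv, plaintext)
    good = cbc_decrypt(keys, iv, ct)        # correct IV: every block recovered
    bad = cbc_decrypt(keys, iv ^ 1, ct)     # wrong IV: only the first block is affected
    return plaintext, ct, good, bad
```

Because a wrong IV changes only the first plaintext block by exactly the IV difference, `bad[0]` differs from the original in the single bit that was flipped in the IV.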
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get a copy from the author’s web site.