Monday, November 30, 2015
Riders Know Collection On The Bit In Addition The Double Bridles A Technique To A Touching Subject Of An A^Lean^In's Rein
Often is showing All sew does grate the IM port Tense on pay eh Tension,
now dive to the Term on the Trail of a 'e' sanction to the overlaid on language particle,
does the decades drip with effort at the sharp of a drawl,
than Texas this Owe ill to the burst of An Office in the Pad lock on a Twisted shutter,
learn from the Sedan to the Ford with a Gerald to mark Well in court.
For on the National Media in brought to this Station Identification I laurel,
wreath with the fact to Communication at the word chorus of state Crack,
the sidewalk on chase for the jump ropes of play along with the Tap dance of this piston.
Each State has an elect tore Role to bank the Cleat on the Hill,
as the speak is of that describe it is In pear A tipped to the Vernacular,
some have ventured to Claim that education brings Branch at seat,
but in Top truth it is the sheets to a College at the University coral to get Bar,
thus the fact gone to the close is nigh Exit nor in Tree.
A pipe on the Glass of a bull is the bottle Message with a ship in its call,
stain the classic to Smoke than the Crystal barrel is in the Noise of a purchased scratch,
it At Corner bean basis of the back Towards the joint to a The shoe.
Peak with I to a greater Annoyance as in the 60's of my Raise many countered MD in eh,
change that to the Tina or the name of a Molly,
what is that to daze in the years on the cleat should the venture tux to a Top Gun in a bee,
does the Film spoke Wheel or theater piece??,
it is the Clip or the Magazine,
pop a rot see or a perfect Clear In the House of the guise to Process this anger on the Parade of a stole.
Fir on the pine to conversation of that devastation to the knat Troll tweets on the come,
spelling of course in vexed would put that to the lope of an expression Up chore to snyc on this coal,
in the am burr of this fringe as the See Aye A be grade to the bigs on a cent of the elbow.
The hour on the Anchor chairs are in grave train on this Cab wrap sure of Zoo is the games,
owe limb picks to this Modern mow Dumb on the Pew brakes to Grant on the Link on,
as an act sent to the thought of the audio why is the transfer on pronunciation sew important to the cost,
case Price with In turn National on the Overseas to the Docks and the Piers with a salt baste,
mix this recipe on my bothering signed for as the bush is burning what is the tin command Meants,
is the cheat duh marking the pinch with flys from that Sun day on the flight of In cyst to the shade.
For todays choir tests at a letter space in the Haw Haw that is sew lump pea,
with a Camel pack on the Wed next Day to calendar the Rabbits foot on the Hand dull barred,
well deep bolt this rattler on the Coiling of a touching strung,
like Jack key Glee syn to the Operation of the actual on Watch to that took,
the Primer on todays Faction is the lingo of the cattle gosh at the pear Rent to step a spreckles lathe,
remind your Ewe math it Call to a Mind this with that text Screen to All the Media Trade Or's as Wag.
Following the Dock que Mint tarry play Ying on HBO ~ spy poles
On date of Operator the act shin of score is the pass of thee history of the Tiers at the flies,
it is the daisy of no chain ask the flower on the salve,
in a dawn of the drain the core language of lock is of night key to the Owl upon the awl of twitch,
whom is the stitch to the yarn of thread on a cork vision to the Eye glassed hour,
goal Posts to the practice in fringe corn of the drink on the plane in harness,
co. crutch in know distinct shins on muzzle of tare ore the is Um of 'e' gyp shunned gee Hod.
Taste Paint buy Numbers 12:2 as the base in the lick a lolly Pop on the Stick,
as that slides down the swagger of the shag than Needle Point the shrug with a pick Yard,
afghans to the dog paddles route,
college on with the Flight of grounded,
as the Pi lot pranced this Vista trance`d the Look,
it was the chore to Sunday night on a Sat a Day after Noon.
Is the Clock on the Rock in Chair of double ewe Too,
with a talk shack as the Can deed,
speak with trace Ors and a Neet touch of burrow on the hey Why ease boned,
at the Trap of a grip Handle that Soap to aye Victor on the Vinyl to discuss.
As that is the pour to Media on the National board ship this is the Channel of Cast Ole rock of brick And stone,
for on the simple Note of Pronunciation the World has driven not Nails but chords to a steeples lawn,
in that is the Cross enter Sect shin to Avenue a In Cyst Tents,
like Pen knees on the shucks,
sound the Audio to Owner supper with a Pitcher on the grown,
gosh darn did the Picture frame??,
does the Mural painted on that back Cork now bring to the Phone,
for on any Spackle by Numbers 3:2 the ankle elbows cheese to Skunk on chew,
the cud of a bell UP to fourth the per Cyst tent address,
but that is the More on a barrel of the pick Oles at skate.
Did Time rank the Tank to the Pond on a play,
does the Card at the Joke just march to the bustle,
is the quatrain on the temperature warm to the squid,
is the wiggle the staple to a pause,
in the harp of the skit Told crawl to the knee of a Boulder corn,
quest on the keel to Upton on the chatter,
what is it the in Bee see or the Sea be Us at a Quaint eh be Microscope to Public catheter to pea??
Grin the Smurf and tuff the Scoop with a Truth,
dear mister shrub on the scale of the gin 'e' owl lo gee,
mark the stag at a gift to the present say,
for on the Oh shin to that Pay sift Tick,
its a pulse.
Heart to Heart on the gracious department on The marbles sang,
role that with Roof manners to Every utter on the Satellite Cast of News Media dial,
to knot wall Owe rather darn the Dawn of a Newt to land the phone,
as in the saw dee A ray Be Uh eh pant part dick A cold to Sun flours Sole'd.
Sunday, November 29, 2015
As should the lather Have had brought tuck Sweats the ankle is justly a Veal,
the suck lean to this Answer is the World Countries on the Fills,
tank the Names on the Operation of Congregate shun Ole,
this would Than Sat it Fee,
row the Bow to the Ship of that is Night a bridge!!
Trans Fir to the Harness of Only Cent language as that is the Scrabble,
Yet all the Perch Net,
these Basque in the Check of Light bulbs on the Heels of This Rider!!
Storm the Strum!!
neck that with the Cap on All bell Owes as to Brain,
pop goes the pun to breast this ladder haul a day with a Quaint fetch for Christmas spread Ping,
pong Gin with cube Ice to Tale of the Glacier on a Polar understanding Strongs,
fly on the blink to Waltz of the waves in a Pretty little Flutter of the shutters,
cool to shoulder Hark to shoulder Harp with that get Nettle,
pork on the Tart to advance with What is little Snow,
dine with the Elbow on the dirty Lid to crown of sole,
whip those Travels with a Journey on the boot.
Sing on that is the Dawn a Ven. Walls and the Avenue of steady,
sew thread to silk Stockings and groove,
style the recording with Wells,
ore Syn that to Bangle anchor the Hots with a Sky lot,
sit thimble a banana And cope see Be to in Bee sea the barrel!!
Giddy Yup list of History to Calendar the Ink can on a Figurines,
marble aboard to Rolers and came,
just at the Minuet operatic the Symphony with Trumpet,
scope the bravado quest to the Sphere,
rise from the Fountain and that is a gear,
Priest to the Chorus call it a Dial on the Commercial abs,
bell ease of Swallows with a Whistle lean squat,
that is the Films with drop Lines in the scribble of tongue swagger on the Scotch.
Disk the fall It coal on the In burr Ambers Truth to Slot,
Ma Sheen on the Time Scale that is the Pier A mist on a Current skip Steel to Introduce this Rein,
ski the Knows with Hardwire on the Tell a Phone to the text Tile screens in Palm hand hold,
forest that with the Thick,
of course that would Take to the skit of a Toy lest the Sat took smile on the bubble drop,
for the Fun^knee on laughter is as Indicative as the Que Card to Card board been.
Steep pile width that Ocean on the National Mead,
liars are the commerce to Pump,
the month on the Moon in a halve stature to Full out at the date of a Morse shade Cackle,
shimmer the would from the razors Edge,
shave to leg and bustle News on the papers Trim.
Call Um dig that step Pear as the road apple let,
beep Beep run Ur on this is the Great gab seed,
horizon braking Inn to the bloomers on the Venue of a slammed,
heard Audio on the under find of those Wrap Sure glasses that Sigh clone be Haves!!
Which comb In Nation Knoll is the Chute burn??,
the Westinghouse or the Dialing for Dollars??,
shall not the Number 10:8 divide that Barn strand in the Brush by spit Numbers pane t.i.d??,
did that deem a stripe to Star the Mike grant It with Angle signature to Million the branch??,
well that is the Beauty of the keel on the Bum,
goods and strum.
dg found to the picker a bet on the Stewball of this dressed,
music on the tune to singing The Blues,
jazz with the Stoop to deck land,
match the Strike as a calm kick in the truth,
feather light the gem to bit on that Bic,
mark tell the House of Cards than Temperature time Watch the scoop,
cream is the butter of the milks Coot.
Saturday, November 28, 2015
Should version Verse to scribe ET's as Entertainment Tonight as a forward back known gear,
the staff of determined would enhance the Product Revolution as the description to pea,
pods on the body sole as the Information hello to comprehend No that is not the compass at lark,
it is as simple as the Subject particle to Put exploration to the Explanation of explaining explain.
As Words or the Appropriation Use is of the design to the Decade of Now,
still on the Arm is the Mark subject Number and throw,
down goes the Fore brain to sparkle Not true All while the dial is the Zesty putting Soap cox on shew,
plural a forge To bare Feat course on the Concrete term of Can't speak a kept.
Hour this Now How is the communication Gone crow,
does the cycle pork Bike to Petal on flop,
the 1960's had House ding be Bell,
the ringer on Sweat or the Front porch to the Spot.
But on the Farms in barns have Gin cupping killed,
first drink the Palm than drink the hand,
liquid is the Mind matters to dig knee fie the bends,
sync to the depth and drown in the Sail,
all while the shoulders are Carriage of death bye death barrel.
A^lean^In's to known term in know lo gee twas The for in Nors,
night the hour nigh the Min. It tie More to Place on the View ore Fast,
ink Can bring to Factor at the X on why Z,
an Alphabet snow Tumbler on Todays Tablet of table Sketch.
for How does the Sale of Cartoon to 1950 travel Timely Show the Commercial till,
does the Mars from the 'V' much to SAM pull drive with a dove,
did the Bare owe truly Not darn Theme in a Co.??,
did these Talk radio strain Night to Cents in ask Bull.
Journey with the staff of stir saddle the jump Jokes in burr of an Side show,
film to the Jaws at the Apron,
deck lathe with Skull,
connect the Dots on a Cherry of a Umbrella in the Cocktail at the Vodka glow,
add in the take the garbage Out,
mark that with Ewe don't make,
NOW I will bring Chose a Power Interrupt for the National chord grown,
'cause Clones are reality and that delivers the not Probable but ankle dung.
Man ewe ole with the Bitter sweets like a Chalk lets Bit toke,
card the Joker queen of Hearts with the jack it on the Ace,
for of a kind to Miss Shin in Possible has enveloped Kenning to language a spill,
cottage cheese with Hum a knee as the Core of the method Operation Staples from the soar,
therefore by the pave Lox be Come to face the Meet of trout & gristle Flats & strung,
string that dried Salmon while fishing for the Flew,
chim chin a roo whisk pocket rice to Skew,
pork bell lead as the horror a mowns labor with the breeze,
sharp are the knows in the Shepherds or the Pup,
pet that stagger for Cent on the dial,
now Tell advised to the pole Lit a cold on Coal, 'Or,' Is it IM burr.
Friday, November 27, 2015
Neet slow the glacier Hi is a Look,
dam in that concert Tina,
the bar duh wore on the double Aye all Caps To Numb burr letter V it Nam,
the World on the down of a Quilted realm!!
Storm Trust beached and that Canker is a Mirror hangnail on the Tides Ages a loud,
center^Read on the Vittle??,
why Snot to that bled on the ankle deep raise In the oars of seep,
tank that to the ocean on what is refer,
stitch to the Flat boat on the Sub marine Sands which??,
nigh the Thus off the Thee,
skunks on Possum feet to Spake,
Yep must be the Scent of a Bunch!!
Trial on Over the Top of the State to dragon or is it the Tree??,
wise in the step Rent of a pear,
apple road with a touching Scratch on the fleeced??,
bare In tack to Carriage??,
wine on the Oh ill??,
well in the deep Belt its a shift of the See be,
paw^chew^lei^oil from the flower bud Ding often the lo KO Poe paw Reed!!
paw^chew^lei^oil from the flower bud Ding often the lo KO Poe paw Reed!!
Hobbles on saddles with Hard Boiled Eggs on this Skittle of M&M's brand,
iron hot to the instant burr Under the pad Atop the freeze,
in with a core Pour role crane to jazz the Bind,
no its rather simple for I in the creek grew Up,
born and Raised with a stead deed on San Francisco,
born and Raised with a stead deed on San Francisco,
lets take a Tour in class with the bush mins. thistle or paddle a bull fiddle.
Computer this with a Map other than that screen in dart palm,
with North Beach to swing Chinatown for the Kabuki was a Wild lawn to the Office of library,
on the Winterland route tack on Over with the Marsh mellow is the bill Graham with a song,
than just sync Castlerock to court the KOIT Tower on a Twin peek,
parade with the would to the Sunset often Hell,
Richmond to the 815 street Avenue with a 19th to shallow the directions to a Copper Penny to know Masonics,
got a blood bank on the tree of a left over to Divisadero to that projects block.
On the version slide to the Marina up O'Farrell spring,
Geary on the enter section Union Square for the river,
downtown shed to The Fare Monty with a good owe Tale on the Cable Car turnabout,
that jakes to Fishermans Wharf to Overlook that Rock.
Done gin is the Mapping with Gough don't even think about saying san joe say,
on course is the bridge but what shell chose,
the Cast trow on the barrel of the Zoo in the traction,
on the Corner steer to the Tenderloin with that greyhound on the stare,
in the Train no gotta scope the ride,
dance with the guitar that Ferry can move with the Tides on that Pier sir Prized.
Just than the beep Beep musk of the Cruise Line speech Mission not impossible collar,
shotwell is the digs to that gent draw Pick ole locate shin,
build the remodel on the air Oh plain,
than thrifty to the cycle of the treed,
for on Porch is the jingle Jingle clause that definitely Trucks a talk on the grace ka thee drawl.
How Ever do not Forge the Presidio on the chiseled pong as Any remainder would corn to the Sourdough,
chalk let Chips to the scrabble Grip of the Nigh lawn of the most bit to Vent,
for on the barn of a bust sir I treat the Tell a phone Pole to the busy on the ladder cold,
for the Make-Up hair brush must Perfume to the steep of those outer jet cools on the hamstring,
strung to lathe the Look its a WEP Pawn to bike on that fashion,
apron to the discussion not decade dan rather that to T 'V' on the Fifth degree of a grades brain,
for back in the day one really only had to go to 10th and Clement,
or a Nevada Win chills to navigate the thermal Under Wares as the vista to that Tale of a bay.
Cluck this Range weather to the locate Shin of a known on the pack of Trailer horses,
well in the depth just Tickle chew tongue with Measure on the pony of a Truck,
Jimmy Doty twas a Mid night Sky to this lecture of the Vats on this day boil,
in Cist is the Name of the noun of a off Pup on Willy,
jack russell this a Terrier on the ground Whole to state of Ankle on the Circle of a Hover.
Venture with the Steak at breakfast to a Star lit mouse as that Is the slight on this Tenderloin equip,
challenge the Stacks on that brink in the Crib,
swipe the Sponge to Comics the dig Cosmic for the journey to a Hi try on the Hi Waters lathe!!
Shingle Ad dress To proper the Primer of the Library of Trail to a Hot dig Knee tee Shoed,
the forge in the bell Leads to port Shin of this Letter,
know shoulder of the An a Tick to a Rhyme and a Tier edge,
no Rather on the flan to Caramel the designation,
shed that to the Tool shed of the Media under loose.
Shall the language be on the 'Q' that is the Aye in the Strongs,
diction to that is the Brain which Craft just Move mints on conversation to Dial,
now Wrote a variable to the Math on the San Francisco plus,
plural the dictionary And ask thy delve a Pinion!!
Swing to the Under garment to Soil on the dust,
shelves with Toy let Pads to Out exit House on diced,
Roo let the Table to Tablets form of grain,
with the Writer on the Store what is than the Saddles bare!!
Sand ole's rib the Beach to Traipse the long of Vased,
brush the Paint bong with Watts on Ever Twice,
roundabout that Fountains Ink just to Measure Tried,
ABC CBS NBC find Ding Wall doughs limb.
At that is thee Bank on caste to Hollywood gone figs,
Newton on the blight,
shave that stub Bowl round the rinse Powder Knows to Speak,
dance until the Tap Dance plays a Fiddle like a Fling!!
Merry ever to this Tram as particle of Speech,
pole lit a told did that fancy barnstormer Tranced,
at stair of Eyes to browse of Crews just strap the Keel dove,
wash with Text script With Mile to chart this Skill a lens.
Sun part to the Sphinx a Pyramid on diamond,
with the Hill on Vespa form than distance is the Sound tum,
with icky elbows in the hobbles chained to get the soup,
skulls echo absolute to joint the pea to Reeds.
Quantum stomach Mechanics is in usual named at the In test ton ole,
found on thus in the Thee is a ball Ounce on skull to Scale a thought of Language lands,
marking the A mount Ain't the version on the ankle elbow of an Arm in the wheat.
To scour the Sail as that is the Scrub than the deck Land makes the Seal,
or is that a Network of the Media on this bravo Method of Operation paper clip in the Speak,
as that is back to the M*A*S*H on the decades of degree to simply Put juris doctorate on grand.
To Talk the speech in And of the chorus is Oft lyrics??,
rather the find in the Tack.
Shallow the basis on the depth of Thought to that saddle of The skull of self,
is that Twitch to gut in the sand??,
is in the Vanity of suds??
Sync touch a dial on the Synapse of the Connects,
game or board??,
piece Moved inch that to Monopoly off the enter Twine,
than the balers Swather is At Work in the field??,
is that Measure on 20/20 at the Vast by Vat to Frog of toad in Pots lids or Pans??
Whistle range tell a type to read write is at the Treasure of depth to Drivers keel,
wheels on the branch of or A call to temperature the sheet Music,
bench to that Ham at the murmur of whisper saids to Plural venue its the truth!!
Spank that action with the Cactus,
spur the Horse on the skunk As the Cat of Nine Tales knows,
each Every at the Vocal voice in Lotion is what on the face Shoal,
a Mask at masque ka Raid on the Foot prints Poof,
dragons with the repeat of Pete on the Kissing roof,
or Pi on the cheek??
Magnify a Glass is that then the Eyes in sprint or Sparkling twinkle to Winks of the blink,
as shall the Curtain vale sew does the Mountain dew,
in Nature the Valley on the edge??,
for how Can that cave on the Bridge to bee Scenery should not the River creek??,
instant particle to the Moons shine on the grave in the Yard of the suns More's,
does the division Add to subtract or role Over to counter bread of the Trade freeze,
in Cast a Way on this is the Sands in Time of Ages on the Irons of the pleats.
Hemming Way is an Actual Address with 815 on the boots,
waltz to the Dance of the Fillmore on the Haight is that Ashbury routed to Band??,
Ankle this Fee Fie Fiddler on the Row`st,
does the short of the stuck Scrabble::,
word to Tack the Words on the graph,
shell to the Clam at An oyster of a Grit,
language with the Tadpole at Price is the Games of shift Tee to Shaft??,
gears on that is the Field of Play in the World of the Roo's.
A bounce on the root to Pocket pole of Rice can be of the Oat meal fish Worm,
bale on the Wire of in turn Meant to be anxious Tattle to wrist on the pork fried Bacon??,
does on the Core ran speak on the be Halve of a Whole in the realm of raise duh??,
did not the Ankle of fallow talk of Fodder,
or is the trail of the system Mat tick docking for the Pier off the pilings of Filed done grasp??
In the mile Post of gallop a Pulls brain in the Activity of dish guard,
is the Time on the clock of a Timex at the door,
did the Mind can't as the Name sirs,
what is on that oblivion?? Time??
Semi call in to pedestrian the shale at cost of the grade,
earth Quake to liquid fact Shin as the garb from To whale,
mow be get a carriage for it is the Internal value of Measure,
these are the Harness Notes to provide a Provisional tale,
book by Book is nothing For Unless the principle is of stilling,
the rake produces to The Drink on a Vessel of the flavor of Spice in And of Its self to divide the Wait.
Spark to the experience of the lever ask Knot on that is the shipping News,
than at that Mark a fee lean to the provide,
as that is the Quest of the Wave on this Oh shin,
to brain it is the ought To motion with a bit of roller on the Coast,
fore Washing Tons grade is not of the pass only the Tangle and that is a comber,
style on a brush Box of Mure ole is nigh the Painting nor the sculpture on great,
for Mirror is the Venture to be of that cream,
milk & Honey is for the butter of a Cattle on the heard of a Summer vast.
Should I say read Tape than how would The world Pronounce the Word red,
shell Accent divide on the conscience to file than is the Cab in Net a wire or the pong,
ping in swimming a Radar shacks sound,
to Audio flute the Trumpet swanning to Corn on a simple sail,
is the fountain a breeze with Winds on a mechanical,
Watch or the wrest of the Piano buy the based,
true to song a Map out of strain,
brine stained glass Windows with letters Scribe to laugh,
knock of the Knock Knock stoke perfume with at Task,
be of From too the absinthe is than the Green Fair owes being Trending on the gave??
Full score tree fees route to pine knee Notes,
paragraph to Tablet drinks Marching call lend doors,
sigh fun to the milkshakes Ice Cream fact or real,
where is the Paints to sky of roof at Teal.
Block cipher mode of operation
From Wikipedia, the free encyclopedia
In cryptography, a mode of operation is an algorithm that uses a block cipher to provide an information service such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV has to be non-repeating and, for some modes, random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Block ciphers have one or more block size(s), but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size. There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher.
Historically, encryption modes have been studied extensively in regard to their error propagation properties under various scenarios of data modification. Later development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes.
History and standardization
The earliest modes of operation, ECB, CBC, OFB, and CFB (see below for all), date back to 1981 and were specified in FIPS 81, DES Modes of Operation. In 2001, the US National Institute of Standards and Technology (NIST) revised its list of approved modes of operation by including AES as a block cipher and adding CTR mode in SP800-38A, Recommendation for Block Cipher Modes of Operation. Finally, in January 2010, NIST added XTS-AES in SP800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices. Other confidentiality modes exist which have not been approved by NIST. For example, CTS, the ciphertext stealing mode, is available in many popular cryptographic libraries.
The block cipher modes ECB, CBC, OFB, CFB, CTR, and XTS provide confidentiality, but they do not protect against accidental modification or malicious tampering. Modification or tampering can be detected with a separate message authentication code such as CBC-MAC, or a digital signature. The cryptographic community recognized the need for dedicated integrity assurances and NIST responded with HMAC, CMAC, and GMAC. HMAC was approved in 2002 as FIPS 198, The Keyed-Hash Message Authentication Code (HMAC), CMAC was released in 2005 under SP800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, and GMAC was formalized in 2007 under SP800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
After observing that compositing a confidentiality mode with an authenticity mode could be difficult and error prone, the cryptographic community began to supply modes which combined confidentiality and data integrity into a single cryptographic primitive. The modes are referred to as authenticated encryption, AE or "authenc". Examples of AE modes are CCM (SP800-38C), GCM (SP800-38D), CWC, EAX, IAPM, and OCB.
Modes of operation are nowadays defined by a number of national and internationally recognized standards bodies. Notable standards organizations include NIST, ISO (with ISO/IEC 10116), the IEC, the IEEE, the national ANSI, and the IETF.
Initialization vector (IV)
An initialization vector (IV) or starting variable (SV) is a block of bits that is used by several modes to randomize the encryption and hence to produce distinct ciphertexts even if the same plaintext is encrypted multiple times, without the need for a slower re-keying process.
An initialization vector has different security requirements than a key, so the IV usually does not need to be secret. However, in most cases, it is important that an initialization vector is never reused under the same key. For CBC and CFB, reusing an IV leaks some information about the first block of plaintext, and about any common prefix shared by the two messages. For OFB and CTR, reusing an IV completely destroys security: both modes effectively create a keystream that is XORed with the plaintext, and this keystream depends only on the key and the IV, so reusing an IV under the same key reuses the keystream. In CBC mode, the IV must, in addition, be unpredictable at encryption time; in particular, the (previously) common practice of reusing the last ciphertext block of a message as the IV for the next message is insecure (for example, this method was used by SSL 2.0). If an attacker knows the IV (or the previous block of ciphertext) before he specifies the next plaintext, he can check his guess about the plaintext of some block that was encrypted with the same key before (this is known as the TLS CBC IV attack).
Padding
A block cipher works on units of a fixed size (known as a block size), but messages come in a variety of lengths. So some modes (namely ECB and CBC) require that the final block be padded before encryption. Several padding schemes exist. The simplest is to add null bytes to the plaintext to bring its length up to a multiple of the block size, but care must be taken that the original length of the plaintext can be recovered; this is trivial, for example, if the plaintext is a C style string which contains no null bytes except at the end. Slightly more complex is the original DES method, which is to add a single one bit, followed by enough zero bits to fill out the block; if the message ends on a block boundary, a whole padding block will be added. Most sophisticated are CBC-specific schemes such as ciphertext stealing or residual block termination, which do not cause any extra ciphertext, at the expense of some additional complexity. Schneier and Ferguson suggest two possibilities, both simple: append a byte with value 128 (hex 80), followed by as many zero bytes as needed to fill the last block, or pad the last block with n bytes all with value n.
CFB, OFB and CTR modes do not require any special measures to handle messages whose lengths are not multiples of the block size, since the modes work by XORing the plaintext with the output of the block cipher. The last partial block of plaintext is XORed with the first few bytes of the last keystream block, producing a final ciphertext block that is the same size as the final partial plaintext block. This characteristic of stream ciphers makes them suitable for applications that require the encrypted ciphertext data to be the same size as the original plaintext data, and for applications that transmit data in streaming form where it is inconvenient to add padding bytes.
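Two of the padding schemes described above, carried out as an added Python example (this is not code from the article): the "n bytes of value n" scheme and the "0x80 then zeros" scheme, each with an unpad routine that validates what it removes, plus a check that shows why plain null-byte padding can fail to preserve the message length. The function names (pad_pkcs7, pad_0x80, null_padding_is_lossy, padding_valid) and the 16-byte default block size are this example's own choices.

```python
def pad_pkcs7(data: bytes, block_size: int = 16) -> bytes:
    """Pad with n bytes each of value n (the scheme Schneier and Ferguson describe,
    also known as PKCS#7). A message already on a block boundary gets a whole
    block of padding, so the padding is always present and always removable."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def unpad_pkcs7(data: bytes, block_size: int = 16) -> bytes:
    """Strip n-of-n padding; reject anything that is not exactly that shape."""
    if not data or len(data) % block_size:
        raise ValueError("invalid padding")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def pad_0x80(data: bytes, block_size: int = 16) -> bytes:
    """Append a single 0x80 byte, then zero bytes up to the block boundary
    (the original DES 'one bit then zeros' scheme, at byte granularity)."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block_size)


def unpad_0x80(data: bytes, block_size: int = 16) -> bytes:
    """Strip trailing zeros and the 0x80 marker; reject input without a marker."""
    if not data or len(data) % block_size:
        raise ValueError("invalid padding")
    stripped = data.rstrip(b"\x00")
    if not stripped or stripped[-1] != 0x80:
        raise ValueError("invalid padding")
    return stripped[:-1]


def pad_nulls(data: bytes, block_size: int = 16) -> bytes:
    """The simplest scheme from the text: append zero bytes up to a block boundary."""
    return data + b"\x00" * (-len(data) % block_size)


def null_padding_is_lossy(data: bytes, block_size: int = 16) -> bool:
    """True when stripping null padding does not return the original message,
    i.e. the message itself ended in a null byte and its length is not recoverable."""
    return pad_nulls(data, block_size).rstrip(b"\x00") != data


def padding_valid(data: bytes, unpad=unpad_pkcs7) -> bool:
    """Single accept/reject answer; both unpad routines raise the same ValueError
    so a caller never distinguishes *why* the padding was rejected."""
    try:
        unpad(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample messages, one shorter than a block and one exactly a block long.
    for msg in (b"hello", b"A" * 16):
        print(msg, "->", pad_pkcs7(msg).hex(), "|", pad_0x80(msg).hex())
    print("null padding loses b'abc\\x00'?", null_padding_is_lossy(b"abc\x00"))
```

When an unpad routine runs on freshly decrypted CBC data, whether it accepted or rejected the padding must not be observable to the party who supplied the ciphertext; that observable difference is the padding-oracle problem the CBC section mentions, and the usual defence is to authenticate the ciphertext and reject it before any decryption or unpadding takes place.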
Many modes of operation have been defined. Some of these are described below.
Electronic Codebook (ECB)
Random read access: Yes
The simplest of the encryption modes is the Electronic Codebook (ECB) mode. The message is divided into blocks, and each block is encrypted separately.
The disadvantage of this method is that identical plaintext blocks are encrypted into identical ciphertext blocks; thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
A striking example of the degree to which ECB can leave plaintext data patterns in the ciphertext can be seen when ECB mode is used to encrypt a bitmap image which uses large areas of uniform colour. While the colour of each individual pixel is encrypted, the overall image may still be discerned as the pattern of identically coloured pixels in the original remains in the encrypted version.
ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way.
Cipher Block Chaining (CBC)
Random read access: Yes
Ehrsam, Meyer, Smith and Tuchman invented the Cipher Block Chaining (CBC) mode of operation in 1976. In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.
If the first block has index 1, the mathematical formula for CBC encryption is
while the mathematical formula for CBC decryption is
CBC has been the most commonly used mode of operation. Its main drawbacks are that encryption is sequential (i.e., it cannot be parallelized), and that the message must be padded to a multiple of the cipher block size. One way to handle this last issue is through the method known as ciphertext stealing. Note that a one-bit change in a plaintext or IV affects all following ciphertext blocks.
Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct. This is because each block is XORed with the ciphertext of the previous block, not the plaintext, so one does not need to decrypt the previous block before using it as the IV for the decryption of the current one. This means that a plaintext block can be recovered from two adjacent blocks of ciphertext. As a consequence, decryption can be parallelized. Note that a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext, but the rest of the blocks remain intact. This peculiarity is exploited in different padding oracle attacks, such as POODLE.
Explicit initialization vectors take advantage of this property by prepending a single random block to the plaintext. Encryption is done as normal, except that the IV does not need to be communicated to the decryption routine. Whatever IV decryption uses, only the random block is "corrupted". It can be safely discarded and the rest of the decryption is the original plaintext.
Propagating Cipher Block Chaining (PCBC)
Random read access: No
The Propagating Cipher Block Chaining or plaintext cipher-block chaining mode was designed to cause small changes in the ciphertext to propagate indefinitely when decrypting, as well as when encrypting. In PCBC mode, each block of plaintext is XORed with the XOR of the previous plaintext block and the previous ciphertext block before being encrypted. As with CBC mode, an initialization vector is used in the first block.
Encryption and decryption algorithms are as follows:
PCBC is used in Kerberos v4 and WASTE, most notably, but otherwise is not common. On a message encrypted in PCBC mode, if two adjacent ciphertext blocks are exchanged, this does not affect the decryption of subsequent blocks. For this reason, PCBC is not used in Kerberos v5.
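The chaining behaviour described above for ECB, CBC and PCBC, as an added example that is not part of the original article: it encrypts a repeated plaintext in ECB and CBC to show which one leaks the repetition, decrypts CBC with a wrong IV and with one ciphertext bit flipped to show exactly which blocks are affected, and swaps two adjacent PCBC ciphertext blocks to show that later blocks still decrypt correctly. The 16-byte block cipher is a constructed four-round Feistel network built from SHA-256 (an assumption made here so the code runs offline; it is not a real cipher and must not be used as one); the key, IV and messages are constructed sample values.

```python
import hashlib

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, r, half):
    # Round function of the toy Feistel cipher: keyed SHA-256, truncated to a
    # half block (8 bytes). Constructed for illustration only.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right

def blocks(data):
    assert len(data) % BLOCK == 0, "caller must pad to a block multiple"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # ECB: every block is encrypted independently, so equal blocks stay equal.
    return b"".join(block_encrypt(key, p) for p in blocks(pt))

def cbc_encrypt(key, iv, pt):
    # C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV (sequential by construction).
    out, prev = [], iv
    for p in blocks(pt):
        prev = block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    # P_i = D_K(C_i) XOR C_{i-1}: each plaintext block needs only two adjacent
    # ciphertext blocks, which is why CBC decryption parallelises.
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def pcbc_encrypt(key, iv, pt):
    # C_i = E_K(P_i XOR P_{i-1} XOR C_{i-1}), with P_0 XOR C_0 = IV.
    out, fb = [], iv
    for p in blocks(pt):
        c = block_encrypt(key, xor(p, fb))
        out.append(c)
        fb = xor(p, c)
    return b"".join(out)

def pcbc_decrypt(key, iv, ct):
    out, fb = [], iv
    for c in blocks(ct):
        p = xor(block_decrypt(key, c), fb)
        out.append(p)
        fb = xor(p, c)
    return b"".join(out)

def changed_blocks(a, b):
    """Indices of the blocks at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]

def demo_chaining_modes():
    key = b"constructed-key-"               # constructed sample key
    iv = bytes(range(16))                   # constructed, fixed IV
    repeated = b"REPEATED BLOCK!!" * 4      # four identical plaintext blocks
    msg = bytes(range(64))                  # four distinct plaintext blocks
    r = {}

    # ECB leaks structure: equal plaintext blocks give equal ciphertext blocks.
    r["ecb_distinct_blocks"] = len(set(blocks(ecb_encrypt(key, repeated))))
    # CBC hides the repetition because each block depends on its predecessor.
    r["cbc_distinct_blocks"] = len(set(blocks(cbc_encrypt(key, iv, repeated))))

    ct = cbc_encrypt(key, iv, msg)
    r["cbc_roundtrip"] = cbc_decrypt(key, iv, ct) == msg
    # Wrong IV: only block 0 of the plaintext is corrupted.
    r["wrong_iv_damage"] = changed_blocks(msg, cbc_decrypt(key, bytes(16), ct))
    # One bit flipped in C_1: P_1 is garbled, P_2 has that same single bit
    # flipped, every other block is intact.
    t = bytearray(ct); t[BLOCK] ^= 0x01
    pt2 = cbc_decrypt(key, iv, bytes(t))
    r["flip_damage"] = changed_blocks(msg, pt2)
    r["flip_in_next_block"] = xor(blocks(msg)[2], blocks(pt2)[2])

    # PCBC: swapping C_1 and C_2 garbles P_1 and P_2 but leaves P_3 correct.
    pc = blocks(pcbc_encrypt(key, iv, msg))
    r["pcbc_roundtrip"] = pcbc_decrypt(key, iv, b"".join(pc)) == msg
    swapped = b"".join([pc[0], pc[2], pc[1], pc[3]])
    r["pcbc_swap_damage"] = changed_blocks(msg, pcbc_decrypt(key, iv, swapped))
    return r

if __name__ == "__main__":
    for name, value in demo_chaining_modes().items():
        print(name, value)
```

The bit-flip result is the property padding oracle attacks rely on: a change to ciphertext block i produces a controlled change in plaintext block i+1 without disturbing anything after it, which is why CBC without an integrity check is not a safe way to transmit data.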
Cipher Feedback (CFB)
Random read access: Yes
The Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse:
By the definition of a self-synchronising cipher, if part of the ciphertext is lost (e.g. due to transmission errors), the receiver will lose only some part of the original message (garbled content) and should be able to resume correct decryption after processing some amount of input data. The simplest way of using CFB described above is no more self-synchronizing than other cipher modes such as CBC: only if a whole block of ciphertext is lost will both CBC and CFB resynchronize, while losing a single byte or bit will permanently throw off decryption. To be able to resynchronize after the loss of a single byte or bit, a single byte or bit must be encrypted at a time. CFB can be used this way when combined with a shift register as the input for the block cipher.
To use CFB to make a self-synchronizing stream cipher that will resynchronize after the loss of any multiple of x bits, start by initializing a shift register the size of the block size with the initialization vector. This is encrypted with the block cipher, and the highest x bits of the result are XORed with x bits of the plaintext to produce x bits of ciphertext. These x bits of output are shifted into the shift register, and the process repeats with the next x bits of plaintext. Decryption is similar: start with the initialization vector, encrypt, and XOR the high bits of the result with x bits of the ciphertext to produce x bits of plaintext. Then shift the x bits of the ciphertext into the shift register. This way of proceeding is known as CFB-8 or CFB-1 (according to the size x of the shift).
In notation, where S_i is the i-th state of the shift register, a << x is a shifted up by x bits, head(a, x) is the x highest bits of a and n is the number of bits of the IV:
If x bits are lost from the ciphertext, the cipher will output incorrect plaintext until the shift register once again equals a state it held while encrypting, at which point the cipher has resynchronized. This will result in at most one blocksize of output being garbled.
Like CBC mode, changes in the plaintext propagate forever in the ciphertext, and encryption cannot be parallelized. Also like CBC, decryption can be parallelized. When decrypting, a one-bit change in the ciphertext affects two plaintext blocks: a one-bit change in the corresponding plaintext block, and complete corruption of the following plaintext block. Later plaintext blocks are decrypted normally.
CFB shares two advantages over CBC mode with the stream cipher modes OFB and CTR: the block cipher is only ever used in the encrypting direction, and the message does not need to be padded to a multiple of the cipher block size (though ciphertext stealing can also be used to make padding unnecessary).
Output Feedback (OFB)
Random read access: No
The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error correcting codes to function normally even when applied before encryption.
Because of the symmetry of the XOR operation, encryption and decryption are exactly the same:
Each output feedback block cipher operation depends on all previous ones, and so cannot be performed in parallel. However, because the plaintext or ciphertext is only used for the final XOR, the block cipher operations may be performed in advance, allowing the final step to be performed in parallel once the plaintext or ciphertext is available.
It is possible to obtain an OFB mode keystream by using CBC mode with a constant string of zeroes as input. This can be useful, because it allows the usage of fast hardware implementations of CBC mode for OFB mode encryption.
Using OFB mode with a partial block as feedback, as in CFB mode, reduces the average cycle length by a factor of or more. A mathematical model proposed by Davies and Parkin and substantiated by experimental results showed that only with full feedback can an average cycle length close to the obtainable maximum be achieved. For this reason, support for truncated feedback was removed from the specification of OFB.
Counter (CTR)
Random read access: Yes
- Note: CTR mode (CM) is also known as integer counter mode (ICM) and segmented integer counter (SIC) mode
Like OFB, Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular. The usage of a simple deterministic input function used to be controversial; critics argued that "deliberately exposing a cryptosystem to a known systematic input represents an unnecessary risk." However, today CTR mode is widely accepted and any problems are considered a weakness of the underlying block cipher, which is expected to be secure regardless of systemic bias in its input. Along with CBC, CTR mode is one of two block cipher modes recommended by Niels Ferguson and Bruce Schneier.
CTR mode has similar characteristics to OFB, but also allows a random access property during decryption. CTR mode is well suited to operate on a multi-processor machine where blocks can be encrypted in parallel. Furthermore, it does not suffer from the short-cycle problem that can affect OFB.
If the IV/nonce is random, it can be combined with the counter using any lossless operation (concatenation, addition, or XOR) to produce the actual unique counter block for encryption. In the case of a non-random nonce (such as a packet counter), the nonce and counter should be concatenated (e.g. storing the nonce in the upper 64 bits and the counter in the lower 64 bits). Simply adding or XORing the nonce and counter into a single value would completely break the security under a chosen-plaintext attack.
Note that the nonce in this diagram is equivalent to the initialization vector (IV) in the other diagrams. However, if the offset/location information is corrupt, it will be impossible to partially recover such data due to the dependence on byte offset.
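The three stream modes described above (CFB, OFB and CTR), as an added example that is not part of the original article: it implements CFB-8 with a one-block shift register and shows it resynchronising after three ciphertext bytes are lost in transit, shows that in OFB a flipped ciphertext bit flips exactly one plaintext bit and that the OFB keystream equals CBC encryption of all-zero blocks, and shows CTR random access plus why a structured nonce must be concatenated with the counter rather than added to it. The block cipher is a constructed keyed SHA-256 PRF (an assumption made here so the code runs offline; it is one-way, which is sufficient because these modes only ever use the cipher in the encrypting direction); key, IV, nonce and message are constructed sample values.

```python
import hashlib

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, block):
    # Stand-in for E_K: a constructed keyed PRF, not a real block cipher. The
    # inverse is never needed by CFB, OFB or CTR, so a one-way function will do.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb8_encrypt(key, iv, pt):
    # CFB-8: one-block shift register, 8 ciphertext bits shifted in per step.
    sr, out = iv, bytearray()
    for p in pt:
        c = enc_block(key, sr)[0] ^ p
        out.append(c)
        sr = sr[1:] + bytes([c])
    return bytes(out)

def cfb8_decrypt(key, iv, ct):
    sr, out = iv, bytearray()
    for c in ct:
        out.append(enc_block(key, sr)[0] ^ c)
        sr = sr[1:] + bytes([c])
    return bytes(out)

def ofb_keystream(key, iv, nbytes):
    # O_i = E_K(O_{i-1}), O_0 = IV: sequential, but independent of the data, so
    # the whole keystream can be produced before the message arrives.
    ks, o = bytearray(), iv
    while len(ks) < nbytes:
        o = enc_block(key, o)
        ks += o
    return bytes(ks[:nbytes])

def ofb_crypt(key, iv, data):
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, ofb_keystream(key, iv, len(data)))

def cbc_encrypt_zeros(key, iv, nblocks):
    # CBC over an all-zero plaintext: C_i = E_K(0 XOR C_{i-1}), i.e. O_i.
    out, prev = bytearray(), iv
    for _ in range(nblocks):
        prev = enc_block(key, xor(bytes(BLOCK), prev))
        out += prev
    return bytes(out)

def ctr_block(key, nonce, i):
    # Counter block = 64-bit nonce || 64-bit counter: concatenation keeps every
    # (nonce, counter) pair distinct even when the nonce is itself a counter.
    return enc_block(key, nonce + i.to_bytes(8, "big"))

def ctr_block_added(key, nonce, i):
    # Weak variant the text warns about: nonce + counter as one integer, so
    # (nonce=1, counter=0) and (nonce=0, counter=1) select the same keystream.
    return enc_block(key, (int.from_bytes(nonce, "big") + i).to_bytes(BLOCK, "big"))

def ctr_crypt(key, nonce, data, first_block=0):
    # Keystream block j depends only on j, so any block can be processed alone.
    out = bytearray()
    for j in range(0, len(data), BLOCK):
        out += xor(data[j:j + BLOCK], ctr_block(key, nonce, first_block + j // BLOCK))
    return bytes(out)

def demo_stream_modes():
    key = b"constructed-key-"          # constructed sample key
    iv = bytes(range(16))              # constructed, fixed IV
    msg = bytes(range(64))             # constructed 64-byte message
    r = {}

    # CFB-8 self-synchronises: after bytes 20..22 vanish in transit, at most one
    # block (16 bytes) of output is garbled and then decryption is correct again.
    ct = cfb8_encrypt(key, iv, msg)
    r["cfb_roundtrip"] = cfb8_decrypt(key, iv, ct) == msg
    pt = cfb8_decrypt(key, iv, ct[:20] + ct[23:])
    r["cfb_prefix_ok"] = pt[:20] == msg[:20]
    r["cfb_resync_ok"] = pt[20 + BLOCK:] == msg[23 + BLOCK:]

    # OFB: a flipped ciphertext bit flips exactly that plaintext bit.
    oc = ofb_crypt(key, iv, msg)
    r["ofb_roundtrip"] = ofb_crypt(key, iv, oc) == msg
    t = bytearray(oc); t[5] ^= 0x80
    r["ofb_flip_diff"] = xor(msg, ofb_crypt(key, iv, bytes(t)))
    r["ofb_equals_cbc_of_zeros"] = ofb_keystream(key, iv, 64) == cbc_encrypt_zeros(key, iv, 4)

    # CTR: random access, and why nonce and counter must be concatenated.
    nonce = bytes(8)
    cc = ctr_crypt(key, nonce, msg)
    r["ctr_roundtrip"] = ctr_crypt(key, nonce, cc) == msg
    r["ctr_random_access"] = ctr_crypt(key, nonce, cc[32:48], first_block=2) == msg[32:48]
    n0, n1 = (0).to_bytes(8, "big"), (1).to_bytes(8, "big")
    r["added_nonce_collides"] = ctr_block_added(key, n1, 0) == ctr_block_added(key, n0, 1)
    r["concat_nonce_distinct"] = ctr_block(key, n1, 0) != ctr_block(key, n0, 1)
    return r

if __name__ == "__main__":
    for name, value in demo_stream_modes().items():
        print(name, value)
```

The keystream collision in the added-nonce variant is the practical failure: two messages encrypted under the same keystream block reveal the XOR of their plaintexts, which is exactly the chosen-plaintext weakness the text refers to.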
Before the widespread use of message authentication codes and authenticated encryption, it was common to discuss the "error propagation" properties as a selection criterion for a mode of operation. It might be observed, for example, that a one-block error in the transmitted ciphertext would result in a one-block error in the reconstructed plaintext for ECB mode encryption, while in CBC mode such an error would affect two blocks.
Some felt that such resilience was desirable in the face of random errors (e.g., line noise), while others argued that error correcting increased the scope for attackers to maliciously tamper with a message.
However, when proper integrity protection is used, such an error will result (with high probability) in the entire message being rejected. If resistance to random error is desirable, error-correcting codes should be applied to the ciphertext before transmission.
Authenticated encryption
A number of modes of operation have been designed to combine secrecy and authentication in a single cryptographic primitive. Examples of such modes are XCBC, IACBC, IAPM, OCB, EAX, CWC, CCM, and GCM. Authenticated encryption modes are classified as single pass modes or double pass modes. Unfortunately for the cryptographic user community, many of the single pass authenticated encryption algorithms (such as OCB mode) are patent encumbered.
In addition, some modes also allow for the authentication of unencrypted associated data, and these are called AEAD (Authenticated-Encryption with Associated-Data) schemes. For example, EAX mode is a double pass AEAD scheme while OCB mode is single pass.
Other modes and other cryptographic primitives
Many more modes of operation for block ciphers have been suggested. Some have been accepted, fully described (even standardized), and are in use. Others have been found insecure, and should never be used. Still others do not fall into the categories of confidentiality, authenticity, or authenticated encryption; examples are key feedback mode and Davies-Meyer hashing.
Disk encryption often uses special purpose modes specifically designed for the application. Tweakable narrow-block encryption modes (LRW, XEX, and XTS) and wide-block encryption modes (CMC and EME) are designed to securely encrypt sectors of a disk. (See disk encryption theory)
Block ciphers can also be used in other cryptographic protocols. They are generally used in modes of operation similar to the block modes described here. As with all protocols, to be cryptographically secure, care must be taken to build them correctly.
There are several schemes which use a block cipher to build a cryptographic hash function. See one-way compression function for descriptions of several such methods.
Cryptographically secure pseudorandom number generators (CSPRNGs) can also be built using block ciphers.