Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Various examples I’ve seen use “AES/CBC/PKCS7Padding” when I get a cypher instance. Obviously AES is the crypto algorithm, what is CBC? What are the pros and cons of various different padding approaches like PKCS7Padding?
I wish to use this to encrypt individual UDP packets end-to-end – any reason that would be unwise?
As far as the
CBCmode of operation is concerned, it is recommended to use it in place ofECBwhen possible. Especially on plain text encryption, or data that repeat a lot. (Network protocols obviously belong to this category)The
ECB(Electronic Code Block) process each block independently. Thus identical blocks will be encrypted identically for each occurrence in the stream. WithCCB(Cipher Block Chaining) the state of the previous block encryption is propagated, then identical block are coded with a differentsaltwhich makes the result differs from one to another occurrence of an identical block.On the padding thing. The objective is to be able to unambiguously remove the padding in the decrypt process. I did not go through the “why” one is better than an other, but I you can find some explanation in Niels Ferguson and Bruce Schneier book since they recommend PKCS padding or the
0x80 0x00 ...padding.Take care when using your AES over multiple languages and/or cryptographic librairies. In fact, implementations seem to differ a lot for that single algorithm. Sometimes, it’s just default parameters, sometimes there are no other parameters.