[{"@context":"http:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/operation-mode-cryptography-wikipedia\/#BlogPosting","mainEntityOfPage":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/operation-mode-cryptography-wikipedia\/","headline":"Operation mode (cryptography) – Wikipedia","name":"Operation mode (cryptography) – Wikipedia","description":"In cryptography, a block encryption mode is an algorithm that uses block encryption to ensure the security of information","datePublished":"2018-03-01","dateModified":"2018-03-01","author":{"@type":"Person","@id":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/author\/lordneo\/#Person","name":"lordneo","url":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/author\/lordneo\/","image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/44a4cee54c4c053e967fe3e7d054edd4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/44a4cee54c4c053e967fe3e7d054edd4?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"Enzyklop\u00e4die","logo":{"@type":"ImageObject","@id":"https:\/\/wiki.edu.vn\/wiki4\/wp-content\/uploads\/2023\/08\/download.jpg","url":"https:\/\/wiki.edu.vn\/wiki4\/wp-content\/uploads\/2023\/08\/download.jpg","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/3\/38\/Info_Simple.svg\/12px-Info_Simple.svg.png","url":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/3\/38\/Info_Simple.svg\/12px-Info_Simple.svg.png","height":"12","width":"12"},"url":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/operation-mode-cryptography-wikipedia\/","wordCount":9657,"articleBody":"In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. 
[ 1 ] A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of a fixed-length group of bits called a block. [ 2 ] A mode of operation describes how to repeatedly apply a cipher's single-block operation to transform amounts of data larger than a block. [ 3 ] , [ 4 ] , [ 5 ] Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV must be non-repeating and, for certain modes, also random. The initialization vector is used to ensure that distinct ciphertexts are produced even when the same plaintext is encrypted several times independently with the same key. [ 6 ] Block ciphers may be able to operate on more than one block size, but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size. However, there are modes that do not require padding because they effectively use the block cipher as a stream cipher. Historically, encryption modes have been widely studied with regard to their error propagation properties under various data modification scenarios. Later development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity efficiently, and are known as authenticated encryption modes. [ 7 ] The first modes of operation, ECB, CBC, OFB and CFB (see below for all), date back to 1981 and were specified in FIPS 81 , Operational modes of . 
In 2001, the National Institute of Standards and Technology (NIST) revised its list of approved modes of operation by including AES as a block cipher and adding CTR mode in SP800-38A , Recommendation for Block Cipher Modes of Operation . Finally, in January 2010, NIST added XTS-AES in SP800-38E , Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices . There are other confidentiality modes that have not been approved by NIST. For example, CTS is a ciphertext stealing mode and is available in many popular cryptographic libraries. The block cipher modes ECB, CBC, OFB, CFB, CTR and XTS provide confidentiality, but they do not protect against accidental modification or malicious tampering. Modification or tampering can be detected with a separate message authentication code (MAC), such as CBC-MAC, or a digital signature. The cryptographic community recognized the need for dedicated integrity guarantees and NIST responded with HMAC, CMAC and GMAC. HMAC was approved in 2002 as FIPS 198 , The Keyed-Hash Message Authentication Code (HMAC) , CMAC was published in 2005 under SP800-38B , Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication , and GMAC was formalized in 2007 under SP800-38D , Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC . The cryptographic community observed that composing (combining) a confidentiality mode with an authenticity mode could be difficult and error-prone. They therefore began to provide modes that combined confidentiality and data integrity in a single cryptographic primitive (an encryption algorithm). These combined modes are called authenticated encryption, AE or “authenc”. Examples of AE modes are CCM ( SP800-38C ), GCM ( SP800-38D ), CWC, EAX, IAPM and OCB. 
The modes of operation are defined by a number of recognized national and international standards bodies. Notable standards bodies include NIST, ISO (with ISO\/IEC 10116 [ 5 ] ), IEC, IEEE, ANSI and IETF. An initialization vector (IV), or starting variable (SV) [ 5 ] , is a block of bits used by several modes to randomize encryption and thus produce distinct ciphertexts even if the same plaintext is encrypted several times, without the need for a slower re-keying process. An initialization vector has different security requirements from a key, so the IV generally does not need to be secret. For most block cipher modes, it is important that an initialization vector is never reused under the same key, that is, it must be a cryptographic nonce. Many block cipher modes have stronger requirements, such as that the IV must be random or pseudo-random. Some block ciphers have specific problems with certain initialization vectors, such as an all-zero IV generating no encryption (for certain keys). It is recommended to review the IV requirements for the particular block cipher mode in the relevant specification, for example SP800-38A . For CBC and CFB, reusing an IV leaks some information about the first plaintext block and about any common prefix shared by the two messages. For OFB and CTR, reusing an IV leads to reuse of the key bitstream, which breaks security. [ 8 ] This can be seen because both modes effectively create a bitstream that is XORed with the plaintext, and this bitstream depends only on the key and the IV. In CBC mode, the IV must be unpredictable (random or pseudo-random) at encryption time; in particular, the (formerly) common practice of reusing the last ciphertext block of a message as the IV for the next message is insecure (for example, this method was used by SSL 2.0). 
If an attacker knows the IV (or the previous ciphertext block) before the next plaintext is specified, they can check their guess about the plaintext of a block that was encrypted earlier with the same key (this is known as the TLS CBC IV attack). [ 9 ] For some keys, an all-zero initialization vector can cause certain block cipher modes (CFB-8, OFB-8) to get their internal state stuck at all zero. For CFB-8, an all-zero IV and an all-zero plaintext cause 1\/256 of keys to generate no encryption: the plaintext is returned as the ciphertext. [ 10 ] For OFB-8, using an all-zero initialization vector generates no encryption for 1\/256 of keys. [ 11 ] OFB-8 encryption returns the unencrypted plaintext for the affected keys. Certain modes (such as AES-SIV and AES-GCM-SIV) are designed to be more resistant to misuse, that is, resilient to scenarios in which random generation is faulty or under the attacker's control. Synthetic initialization vectors (SIV) synthesize an internal IV by running a pseudo-random function (PRF) construction called S2V on the input (additional data and plaintext), preventing any external data from directly controlling the IV. External nonces \/ IVs can be fed into S2V as additional data fields. AES-GCM-SIV synthesizes an internal IV by running the POLYVAL Galois authentication mode on the input (additional data and plaintext), followed by an AES operation. A block cipher works on fixed-size units (called the block size), but messages come in different lengths. Thus, certain modes (namely ECB and CBC) require that the final block be padded before encryption. Several padding schemes exist. 
The simplest is to add zero bytes to the plaintext to bring its length up to a multiple of the block size, but care must be taken that the original length of the plaintext can be recovered; this is trivial, for example, if the plaintext is a C-style string that contains no zero bytes except at the end. Slightly more complex is the original method, which is to add a single bit, followed by enough zero bits to fill out the block; if the message ends on a block boundary, a whole padding block will be added. Most sophisticated are CBC-specific schemes such as ciphertext stealing or residual block termination, which do not cause any extra ciphertext, at the expense of some additional complexity. Schneier and Ferguson suggest two possibilities, both simple: append a byte with the value 128 (hexadecimal 80), followed by as many zero bytes as needed to fill the last block, or pad the last block with n bytes all with the value n . The CFB, OFB and CTR modes do not require any special measures to handle messages whose lengths are not multiples of the block size, because the modes work by XORing the plaintext with the output of the block cipher. The last partial block of plaintext is XORed with the first bytes of the last keystream block, producing a final ciphertext block of the same size as the final partial plaintext block. This characteristic of stream ciphers makes them suitable for applications that require the encrypted ciphertext data to be the same size as the original plaintext data, and for applications that transmit data in streaming form where it is not practical to add padding bytes. 
AEAD: authenticated encryption with additional data modes A number of modes of operation have been designed to combine secrecy and authentication in a single cryptographic primitive. 
Examples of such modes are extended cipher block chaining (XCBC), integrity-aware cipher block chaining (IACBC), integrity-aware parallelizable mode (IAPM), OCB, EAX, CWC, CCM and GCM. Authenticated encryption modes are classified as single-pass or double-pass modes. Certain single-pass authenticated encryption algorithms, such as OCB mode, are encumbered by patents, while others were specifically designed and released so as to avoid such encumbrance. In addition, certain modes also allow the authentication of unencrypted associated data, and these are called AEAD (Authenticated Encryption With Associated Data) schemes. For example, EAX mode is a double-pass AEAD scheme while OCB mode is a single-pass mode. Galois\/counter (GCM) Galois\/counter mode (GCM) combines the well-known counter mode of encryption with the new Galois mode of authentication. The key feature is the ease of parallel computation of the Galois field multiplication used for authentication. This feature permits higher throughput than encryption algorithms. GCM is defined for block ciphers with a 128-bit block size. The Galois message authentication code (GMAC) is an authentication-only variant of GCM which can form an incremental message authentication code. GCM and GMAC can both accept initialization vectors of arbitrary length. GCM can take full advantage of parallel processing, and an implementation of GCM can make efficient use of an instruction pipeline or a hardware pipeline. The CBC mode of operation incurs pipeline stalls that hamper its efficiency and performance. As in CTR, the blocks are numbered sequentially, then this block number is combined with an IV and encrypted with a block cipher, generally AES. The result of this encryption is then XORed with the plaintext to produce the ciphertext. 
Like all counter modes, it is essentially a stream cipher, and it is therefore essential that a different IV is used for each encrypted stream. The ciphertext blocks are considered as coefficients of a polynomial which is then evaluated at a key-dependent point H, using finite field arithmetic. The result is then encrypted, producing an authentication tag which can be used to verify the integrity of the data. The encrypted text then contains the IV, the ciphertext and the authentication tag. Counter with cipher block chaining message authentication code (CCM) Counter with cipher block chaining message authentication code (CBC-MAC; CCM) is an authenticated encryption algorithm designed to provide both authentication and confidentiality. CCM mode is only defined for block ciphers with a 128-bit block length. [ 12 ] , [ 13 ] Synthetic initialization vector (SIV) Synthetic initialization vector (SIV) is a block cipher mode that is resistant to nonce misuse. SIV synthesizes an internal initialization vector (IV) using the S2V pseudo-random function. S2V is a keyed hash function based on CMAC. The input to the S2V function is: the additional authenticated data (zero, one or more AAD fields are supported); the plaintext; the authentication key (K1). SIV encrypts the plaintext using: AES-CTR; the result returned by the S2V function; the encryption key (K2). SIV can also support external nonce-based authenticated encryption, in which case it uses one of the additional authenticated data fields. RFC5297 [ 14 ] specifies that, for interoperability purposes, it is the last additional authenticated data field that should be used as the external nonce. 
Due to the use of two keys (the authentication key K1 and the encryption key K2), the naming schemes for the SIV AEAD variants can lead to some confusion; for example, aead_aes_siv_cmac_256 refers to AES-SIV with two AES-128 keys and not AES-256. AES-GCM-SIV AES-GCM-SIV is a mode of operation for the Advanced Encryption Standard which offers performance similar to Galois\/counter mode (GCM) as well as misuse resistance in the event of the reuse of a cryptographic nonce. The construction is defined in RFC 8452 . [ 15 ] AES-GCM-SIV synthesizes the internal IV. It derives a hash of the additional authenticated data and plaintext using the POLYVAL Galois hash function. The hash is then encrypted with an AES key and used as the authentication tag and the AES-CTR initialization vector. AES-GCM-SIV is an improvement over the very similar algorithm GCM-SIV , with some very small changes (for example, the way AES-CTR is initialized), but which brings practical benefits to its security: “This addition allows for encrypting up to 2^50 messages with the same key, compared to the significant limitation of only 2^32 messages that were allowed with GCM-SIV.” [ 16 ] Confidentiality modes only “Electronic Codebook block” (ECB): code dictionary This is the simplest mode. The message to be encrypted is divided into several blocks which are encrypted independently, one after the other, with the same secret key [ 17 ] . The big flaw of this method is that two blocks with the same content will be encrypted in the same way, so information can be drawn from the ciphertext by looking for identical sequences. We therefore obtain a “code dictionary” of the correspondences between plaintext and ciphertext, hence the term codebook . For these reasons, this mode is strongly discouraged in any cryptographic application. 
The only advantage it can offer is quick access to any region of the ciphertext and the ability to decrypt only part of the data. But a much safer counter-based mode also allows this random access and partial decryption. Diagram of the steps of an ECB-type mode: the plaintext is split into blocks and each block is encrypted, independently of the others, with the encryption key. Example on text The following two messages are encrypted with ECB mode and a block cipher that works on a block of two characters at a time. This type of file could correspond to a payroll list. JOHN__105000 JACK__500000 Encryption of the first message gives: JO|HN|__|10|50|00 Q9|2D|FP|VX|C9|IO And for the second message, we get: JA|CK|__|50|00|00 LD|AS|FP|C9|IO|IO We note that pairs of characters appear in both encrypted messages, and the same is true of the plaintext messages: Q9|2D|FP|VX|C9|IO LD|AS|FP|C9|IO|IO Assuming that John knows his own salary, he could guess Jack's salary because the sequence “C9” corresponds to “50” and “IO” to “00”. John deduces that Jack's salary, encrypted as “C9IOIO”, corresponds to “500000”. Example with an image The vulnerability is even more glaring in an image. Indeed, images contain many redundancies, which means that blocks are encrypted in the same way in ECB mode. In the example below, ECB encryption is performed on blocks of 4 pixels. The shapes of the truck are clearly distinguishable, as are the boundaries between the blocks. With a safer mode such as CBC or CTR, the image has random content from which no information can be drawn a priori. However, this does not mean that the encryption is secure; significant flaws can also appear in schemes that produce random-looking output, but they are not necessarily related to the mode of operation. 
Encryption with a secure mode (other than ECB). Other ECB defects ECB has other negative effects on data integrity and protection. This mode is susceptible to “replay attacks”: these consist of re-injecting data identical to data intercepted earlier. The goal is to alter the behavior of the system or to repeat actions. For example, the video game Phantasy Star Online: Blue Burst used Blowfish encryption in ECB mode. Blowfish is a robust algorithm, but ECB mode opened the door to various cheats, for example players sending encrypted “defeated” packets several times. As the encryption was identical for all packets of this type, the server awarded illegitimate points. Another mode could have countered this by producing a different ciphertext for each packet. With a better mode, a modification of the data stream leads to incorrect decryption of the subsequent data, which makes it possible to detect data corruption or fraud. “Cipher Block Chaining” (CBC): block chaining This mode consists of encrypting the i-th block after first combining it by exclusive or (XOR) with the ciphertext of the previous block, along with an initialization vector. The initialization vector is a block of random data which allows encryption of the first block to start and which thus provides a form of randomness independent of the document to be encrypted. It does not itself need to be encrypted during transmission, but it must never be reused with the same key [ 17 ] . CBC defects One of the downsides of CBC is that it cannot be parallelized, since the current block requires that the previous one be encrypted. It is therefore sequential. Depending on the implementation, CBC mode can be vulnerable to the “padding oracle” method, which makes it possible to recover the plaintext blocks. 
CBC mode being a block cipher mode, it is necessary to add “padding” at the end of each unfilled block. With an understanding of how the “padding” (PKCS7) works and using modern mathematics, it is possible to recover the whole message in plaintext. “Counter” (CTR): counter-based encryption In CTR mode (from the English counter ), an initialization vector concatenated with a counter (generally written in binary) is encrypted, producing a pseudo-random block which is used to mask the plaintext blocks by a bitwise exclusive or (XOR), as in the Vernam one-time pad cipher. The sequence of bits used to mask the message is called the keystream . This mode is shown in the figure below (note that the initialization vector, called a key on the diagram, and the counter are to be concatenated). As in CBC mode, the initialization vector is attached to the ciphertext and must never be reused with the same key. [ 18 ] This mode combines many advantages because it can be precomputed. In addition, it allows random access to the data, is parallelizable and only uses the encryption function. The counter used can be a pseudo-random sequence that is easy to recover from the initialization vector. “Cipher feedback block” (CFB): feedback encryption The CFB encryption mode is a block cipher mode and a combination of the CBC and CTR modes which consists of masking the i-th block of the plaintext with the encryption of the previous ciphertext block. [ 18 ] In this mode, the keystream is obtained by encrypting the previous ciphertext block. Its great advantage is that it only requires the encryption function, which makes it cheaper to implement in hardware or software for algorithms whose encryption function differs from the decryption function (example: AES). “Output feedback” (OFB): output feedback encryption In this mode, the keystream is obtained by encrypting the previous keystream. 
It is a block cipher mode which has the same advantages as CFB. In addition, it can be precomputed by successively encrypting the initialization vector. It is therefore only secure if the encryption function combined with the key forms a good pseudo-random sequence. This mode is very fragile against a plaintext attack. Indeed, on the sole condition of knowing the initialization vector of an encrypted message and knowing the plaintext of another encrypted message, the attacker can easily reconstruct the keystream that encrypted the first message and therefore decrypt the latter. This fragility is also found in CFB mode, except that only the first block of the message can be reconstructed in this way; the attacker needs to decrypt the message block by block, supplying all the previous blocks each time, so as to recover the keystream that encrypted the next block (chosen-plaintext attack). “Ciphertext Stealing” (CTS): encryption with ciphertext stealing In this mode, applicable to a block cipher mode (ECB, CBC, etc.), the last two blocks are partially combined so as to obtain a message of the same size. Here, an example of CTS operating on encryption in CBC mode. The last two blocks are swapped and partly combined, which means that both are needed to decrypt either one. CTS is not a stream cipher mode, but it avoids the use of padding in block ciphers and gives an encrypted message size equal to the size of the plaintext message. It is widely used in protocols or formats that do not support arbitrary sizes. 
Its counterpart, operating on decryption in CBC mode: “Propagating Cipher Block Chaining” (PCBC): propagating cipher block chaining “Xor-encrypt-xor” (XEX): exclusive or, encryption, exclusive or XOR encryption is a bitwise encryption that uses the mathematical properties of the exclusive or function, in particular the equality (a \u2295 b) \u2295 b = a; a will be the text to encrypt and b will be the encryption key. Here is an illustrated example with the letter F encrypted with the key V: F corresponds to the ASCII 70 code represented by 01110000 in binary. V corresponds to the ASCII 86 code represented by 10000110 in binary. Plaintext (F in ASCII): 0 1 1 1 0 0 0 0; Key (V in ASCII): 1 0 0 0 0 0 1 1; Ciphertext: 1 1 1 1 0 0 1 1. “Tweaked CodeBook mode” (TCB) Liskov, Rivest, Wagner (LRW) LRW is used by the FreeOTFE, BestCrypt and dm-crypt software. Xex-Tcb-Cts (XTS) In this mode, the key is split into two keys of equal size, so that: key = key 1 | key 2. The letter i represents the sector number: XTS is used by CoreStorage, FreeOTFE, BestCrypt, dm-crypt and TrueCrypt. None of the above modes protects the integrity of the message. It is generally well understood that when data is encrypted, it is almost always essential to provide such a mechanism, because in its absence the risks are great. For this purpose, an authentication code (HMAC) can be used, which will protect the encrypted message and the initialization vector. Before this view was widely shared, it was common to discuss “error propagation” characteristics. 
It could be observed, for example, that a one-block error in the encrypted message would produce a one-block error on decryption in ECB mode, while in CBC mode the same error would affect two blocks. In any case, when real integrity protection is implemented, such errors will (with high probability) cause the entire message to be rejected. If it is desirable to tolerate random errors, an error-correcting code should be applied to the encrypted message before it is transmitted. Alternatively, modes of operation are designed specifically to combine security and authentication, such as XCBC, IACBC, IAPM, OCB, EAX, CWC or CCM. \u2191 NIST Computer Security Division's (CSD) Security Technology Group (STG), “Block cipher modes” [ archived November 6, 2012 ] , on Cryptographic Toolkit , NIST, 2013 (accessed April 12, 2013 ) \u2191 Ferguson, N., Schneier, B. and Kohno, T., Cryptography Engineering: Design Principles and Practical Applications , Indianapolis, Wiley Publishing, Inc., 2010 , 63, 64 (ISBN\u00a0 978-0-470-47424-2 ) \u2191 NIST Computer Security Division's (CSD) Security Technology Group (STG), “Proposed modes” [ archived April 2, 2013 ] , on Cryptographic Toolkit , NIST, 2013 (accessed April 14, 2013 ) \u2191 Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography , CRC Press, 1996 , 228\u2013233 (ISBN\u00a0 0-8493-8523-7-7 , read online ) \u2191 a b and c “ISO\/IEC 10116:2006 \u2013 Information technology \u2013 Security techniques \u2013 Modes of operation for an n -bit block cipher”, ISO Standards Catalogue , 2006 ( read online [ archived March 17, 2012 ] ) \u2191 (in) Eric Conrad , Seth Misenar and Joshua Feldman , Chapter 3 – Domain 3: Security engineering , Syngress, January 1, 2017 , 47\u201393 p. 
(ISBN\u00a0 978-0-12-811248-9 , DOI\u00a0 10.1016\/B978-0-12-811248-9.00003-6 , read online ) \u2191 NIST Computer Security Division's (CSD) Security Technology Group (STG), “Current modes” [ archived April 2, 2013 ] , on Cryptographic Toolkit , NIST, 2013 (accessed April 12, 2013 ) \u2191 “Stream Cipher Reuse: A Graphic Example” [ archived January 25, 2015 ] , Cryptosmith LLC, May 31, 2008 (accessed January 7, 2015 ) \u2191 B. Moeller, Security of CBC Ciphersuites in SSL\/TLS: Problems and Countermeasures , May 20, 2004 ( read online [ archived June 30, 2012 ] ) \u2191 Tom Tervoort , “Zerologon: Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)” , on Secura (accessed October 14, 2020 ) \u2191 Blaufish , “Netlogon CFB8 considered harmful. OFB8 also.” , on GitHub , October 14, 2020 (accessed October 14, 2020 ) \u2191 Model: CITE TECHREPORT \u2191 Model: CITE IETF \u2191 Dan Harkins , “Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES)” , October 2008 (accessed October 21, 2020 ) \u2191 Model: CITE IETF \u2191 Shay Gueron , Adam Langley and Yehuda Lindell , “AES-GCM-SIV: Specification and Analysis”, Cryptology ePrint Archive , vol. \u00a0Report, no. 2017\/168, December 14, 2018 ( read online , accessed October 19, 2020 ) \u2191 a and b Vergnaud 2012, cryptography exercises and problems – 3rd edition, chapter 2, p. 42. \u2191 a and b Vergnaud 2012, cryptography exercises and problems – 3rd edition, chapter 2, p. 43. 
"},{"@context":"http:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/#breadcrumbitem","name":"Enzyklop\u00e4die"}},{"@type":"ListItem","position":2,"item":{"@id":"https:\/\/wiki.edu.vn\/all2en\/wiki32\/operation-mode-cryptography-wikipedia\/#breadcrumbitem","name":"Operation mode (cryptography) – Wikipedia"}}]}]