Ciphershttp://www.cryptoden.com/index.php/ciphers/30-aes2015-07-03T08:42:14+00:00Joomla! - Open Source Content ManagementAES2014-05-12T10:53:01+00:002014-05-12T10:53:01+00:00http://www.cryptoden.com/index.php/aesSuper Usermikejcowan@me.com<div class="feed-description"><p style="text-align: center;"><strong>AES cipher</strong></p>
<p style="text-align: left;">Here you can encipher or decipher AES in ECB Mode or in CTR mode.</p>
<p><strong><a href="programs/aesECB.php">Click here to run AES in ECB Mode</a></strong></p>
<p><strong><a href="programs/aesCTR.php">Click here to run AES in CTR Mode </a></strong></p>
<p>You can view the program codes by clicking here for <a href="articles/aesECB%20Program.pdf">ECB</a> mode and here for <a href="articles/aesCTR%20Program.pdf">CTR</a> mode.</p>
<p><strong>Notes on the AES cipher</strong></p>
<p>The preparatory stage of AES extends an input password into a Key Schedule, utilising substitution, transposition and matrix multiplication in the Galois Field (details later).</p>
<p>The core of AES utilises the Key Schedule to process input in 16-byte blocks over a number of rounds, with several of the above operations per round. The output is 16 bytes of, in effect, random numbers.</p>
<p>AES can be used to encipher in one of several alternative modes, described below.</p>
<p><br /><strong>Notes on the password.</strong></p>
<p>The user inputs a password which is extended, by repetition, to 128, 192 or 256 bits -- depending on the user's choice. The entropy of the enciphering system is determined by the input password itself.</p>
<p><strong>It is the responsibility of the user to ensure enough entropy in their password to meet their security requirements.</strong></p>
<p>Wikipedia tells us that NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 12-character random password from a 95-character alphabet. (1)</p>
<p><span style="line-height: 1.3em;">Looking forward, many observers currently think 128 bits is sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256-bit AES keys for highly sensitive data</span><span style="line-height: 1.3em;">.(2)</span></p>
<p><span style="line-height: 1.3em;">How long would it take to Brute Force an AES key of 128 bits? According to one source (3) it would take a billion billion years. If this is correct and the security I want is to be proof against such an attack for 10 years, then the entropy I require in my key is</span></p>
<p>2^128 *10/10^18 = approx 73 bits.</p>
<p>To obtain this using just the 92 characters available on my keyboard I would need 11 randomly chosen characters in my password. However I feel more comfortable with a good factor of safety and thus use a full 16 character password.</p>
<p>(1)http://en.wikipedia.org/wiki/Password_strength<br />(2)http://en.wikipedia.org/wiki/Key_size<br />(3)http://www.eetimes.com/document.asp?doc_id=1279619</p>
<p><strong>Notes on AES Electronic Code Book Mode (ECB)</strong></p>
<p>The Key Schedule is made from the extended password.</p>
<p>The input plaintext is checked to ensure all characters are in the Asc ii set. Then it is padded to be an integral number of 16-byte blocks. The amount of padding necessary is noted as the first character of the ciphertext.</p>
<p>The plaintext is enciphered in 16-byte blocks with the Key Schedule to form the rest of the ciphertext, which is then Base64 encoded to produce the output.</p>
<p>Decipherment uses the same Key Schedule but the substitution, transposition and Matrix multiplication operations are reversed and are carried out in reverse order. </p>
<p>A weakness of this mode is that repeats of plaintext between one block and another lead to repeats in the ciphertext.</p>
<p><strong>Notes on AES in Counter Mode (CTR)</strong></p>
<p>The Key Schedule is made from the password as in ECB mode.</p>
<p>An 8-byte nonce is made and combined with an 8-byte counter to provide a 16-byte block that is then enciphered with the Key Schedule to produce 16-bytes of random numbers. These are then xored with 16 bytes of plaintext to produce ciphertext.</p>
<p>The counter is set to zero for the first 16 bytes and then incremented for each successive block of 16 bytes. In this way a new set of 16 random numbers is created to xor each successive block of 16 bytes of plaintext.</p>
<p><span style="line-height: 1.3em;">The nonce is made for each message from a seed derived from the current microtime. The nonce is prepended to the ciphertext, to be used in decipherment.</span></p>
<p>The weakness mentioned above for the ECB method is absent in CTR mode and there is no need for padding of the plaintext.</p></div><div class="feed-description"><p style="text-align: center;"><strong>AES cipher</strong></p>
<p style="text-align: left;">Here you can encipher or decipher AES in ECB Mode or in CTR mode.</p>
<p><strong><a href="programs/aesECB.php">Click here to run AES in ECB Mode</a></strong></p>
<p><strong><a href="programs/aesCTR.php">Click here to run AES in CTR Mode </a></strong></p>
<p>You can view the program codes by clicking here for <a href="articles/aesECB%20Program.pdf">ECB</a> mode and here for <a href="articles/aesCTR%20Program.pdf">CTR</a> mode.</p>
<p><strong>Notes on the AES cipher</strong></p>
<p>The preparatory stage of AES extends an input password into a Key Schedule, utilising substitution, transposition and matrix multiplication in the Galois Field (details later).</p>
<p>The core of AES utilises the Key Schedule to process input in 16-byte blocks over a number of rounds, with several of the above operations per round. The output is 16 bytes of, in effect, random numbers.</p>
<p>AES can be used to encipher in one of several alternative modes, described below.</p>
<p><br /><strong>Notes on the password.</strong></p>
<p>The user inputs a password which is extended, by repetition, to 128, 192 or 256 bits -- depending on the user's choice. The entropy of the enciphering system is determined by the input password itself.</p>
<p><strong>It is the responsibility of the user to ensure enough entropy in their password to meet their security requirements.</strong></p>
<p>Wikipedia tells us that NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 12-character random password from a 95-character alphabet. (1)</p>
<p><span style="line-height: 1.3em;">Looking forward, many observers currently think 128 bits is sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256-bit AES keys for highly sensitive data</span><span style="line-height: 1.3em;">.(2)</span></p>
<p><span style="line-height: 1.3em;">How long would it take to Brute Force an AES key of 128 bits? According to one source (3) it would take a billion billion years. If this is correct and the security I want is to be proof against such an attack for 10 years, then the entropy I require in my key is</span></p>
<p>2^128 *10/10^18 = approx 73 bits.</p>
<p>To obtain this using just the 92 characters available on my keyboard I would need 11 randomly chosen characters in my password. However I feel more comfortable with a good factor of safety and thus use a full 16 character password.</p>
<p>(1)http://en.wikipedia.org/wiki/Password_strength<br />(2)http://en.wikipedia.org/wiki/Key_size<br />(3)http://www.eetimes.com/document.asp?doc_id=1279619</p>
<p><strong>Notes on AES Electronic Code Book Mode (ECB)</strong></p>
<p>The Key Schedule is made from the extended password.</p>
<p>The input plaintext is checked to ensure all characters are in the Asc ii set. Then it is padded to be an integral number of 16-byte blocks. The amount of padding necessary is noted as the first character of the ciphertext.</p>
<p>The plaintext is enciphered in 16-byte blocks with the Key Schedule to form the rest of the ciphertext, which is then Base64 encoded to produce the output.</p>
<p>Decipherment uses the same Key Schedule but the substitution, transposition and Matrix multiplication operations are reversed and are carried out in reverse order. </p>
<p>A weakness of this mode is that repeats of plaintext between one block and another lead to repeats in the ciphertext.</p>
<p><strong>Notes on AES in Counter Mode (CTR)</strong></p>
<p>The Key Schedule is made from the password as in ECB mode.</p>
<p>An 8-byte nonce is made and combined with an 8-byte counter to provide a 16-byte block that is then enciphered with the Key Schedule to produce 16-bytes of random numbers. These are then xored with 16 bytes of plaintext to produce ciphertext.</p>
<p>The counter is set to zero for the first 16 bytes and then incremented for each successive block of 16 bytes. In this way a new set of 16 random numbers is created to xor each successive block of 16 bytes of plaintext.</p>
<p><span style="line-height: 1.3em;">The nonce is made for each message from a seed derived from the current microtime. The nonce is prepended to the ciphertext, to be used in decipherment.</span></p>
<p>The weakness mentioned above for the ECB method is absent in CTR mode and there is no need for padding of the plaintext.</p></div>