Hi All

If you need proof that cryptographic standards move slowly, look no further.

Thirty-one years ago, Bruce Schneier lambasted ECB mode in his seminal book, Applied Cryptography. Finally, in 2024, it’s about to be banned in the standards.

Electronic codebook (ECB) is a block-cipher mode that describes how to encrypt long messages. ECB is the simplest possible mode: the message is divided into equal-sized blocks, encrypted, and then concatenated. However, this simplicity caused a lot of problems.

One major issue is that patterns in the message show through as patterns in the encrypted data. This is best demonstrated in the classic penguin image, which I’ve included in this post. There’s so much structure and repeated data in the original image that the encrypted version still looks like a penguin.

Despite this problem (and others), ECB was widely adopted. Unfortunately, this made it very difficult to erase. Cryptographic standards have complex inter-dependencies, which makes it hard to remove a foundational ingredient like a cipher mode. It’s taken many years to get to the point where ECB can finally be killed.

Remember, just because something is standardised doesn’t mean it’s the best choice. Always do your research to find the best option.

However:  Still used in ISO Technical Committee 68 (TC68) Financial Services standards though… just like 3des it is “safe” if you use it only once and change the keys.

HBA, which is a quantum resistant mode. Recognized to comply with ISO/IEC 10116. Quantum Resistant Cryptography (QRC) provides it alongside with sector-specific standard eAES(R), itself an enhanced AES with much stronger quantum and classical resistance (whilst still optimized for existing e.g. AES-NI hardware).

Regards

Caute