top | item 34126832

Leo_Verto | 3 years ago

To add onto this, the reason ECB mode is so horribly bad is that it produces the same cyphertext for blocks with the same plaintext.

This allows an attacker to detect repeating plain text segments, e.g. reused passwords.

The Wikipedia article on block cypher modes illustrates this problem rather well [1].

[1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation...
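The property described in the comment above, as an added example that is not part of the original thread: the same fixed-width records are encrypted in ECB and in CBC with a random IV, and the ciphertext is audited for repeated blocks. The block cipher is a stand-in 4-round Feistel network over HMAC-SHA256 (an assumption so the example runs on the Python standard library alone; it is not AES), and the key, records and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # bytes, the AES block size

def toy_encrypt_block(key, block):
    """Stand-in keyed permutation (4-round Feistel). Illustration only, not AES."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style padding
    return data + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_ecb(key, plaintext):
    # Every block is encrypted independently: equal input, equal output.
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))

def encrypt_cbc(key, plaintext):
    prev = os.urandom(BLOCK)  # fresh random IV, sent as the first block
    out = [prev]
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    """Audit check: ciphertext blocks that occur more than once, with counts."""
    counts = Counter(blocks(ciphertext))
    return {b: n for b, n in counts.items() if n > 1}

# Constructed sample: three 16-byte records, the first and third identical.
KEY = b"constructed-demo-key"
PW_A, PW_B = b"hunter2".ljust(BLOCK, b"\0"), b"correct horse".ljust(BLOCK, b"\0")
PLAINTEXT = PW_A + PW_B + PW_A

if __name__ == "__main__":
    print("ECB repeated blocks:", len(repeated_blocks(encrypt_ecb(KEY, PLAINTEXT))))
    print("CBC repeated blocks:", len(repeated_blocks(encrypt_cbc(KEY, PLAINTEXT))))
```

Running `repeated_blocks` over stored ciphertext is a cheap way to flag data that was encrypted block by block without an IV or nonce.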

ilyt|3 years ago

... actually that might be a "feature" for them. They do have a duplicate password report; I had assumed that's just based off decrypted ones on the client side, but they might just be using ECB for that.

insanitybit|3 years ago

That report requires you enter your master password, so I doubt it.

bbbbb5|3 years ago

>This allows an attacker to detect repeating plain text segments, e.g. reused passwords.

This is hardly a problem; any login form will also allow an attacker to do this.