AES

AES cipher

Here you can encipher or decipher AES in ECB Mode or in CTR mode.

Click here to run AES in ECB Mode

Click here to run AES in CTR Mode 

You can view the program codes by clicking here for ECB mode and here for CTR mode.

Notes on the AES cipher

The preparatory stage of AES extends an input password into a Key Schedule, utilising substitution, transposition and matrix multiplication in the Galois Field (details later).

The core of AES utilises the Key Schedule to process input in 16-byte blocks over a number of rounds, with several of the above operations per round. The output is 16 bytes of, in effect, random numbers.

AES can be used to encipher in one of several alternative modes, described below.


Notes on the password.

The user inputs a password which is extended, by repetition, to 128, 192 or 256 bits -- depending on the user's choice. The entropy of the enciphering system is determined by the input password itself.

It is the responsibility of the user to ensure enough entropy in their password to meet their security requirements.

Wikipedia tells us that NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 12-character random password from a 95-character alphabet. (1)

Looking forward, many observers currently think 128 bits is sufficient for the foreseeable future for symmetric algorithms of AES's quality. The U.S. Government requires 192 or 256-bit AES keys for highly sensitive data.(2)

How long would it take to Brute Force an AES key of 128 bits? According to one source (3) it would take a billion billion years.  If this is correct and the security I want is to be proof against such an attack for 10 years, then the entropy I require in my key is

2^128 *10/10^18 = approx 73 bits.

To obtain this using just the 92 characters available on my keyboard I would need 11 randomly chosen characters in my password. However I feel more comfortable with a good factor of safety and thus use a full 16 character password.

(1)http://en.wikipedia.org/wiki/Password_strength
(2)http://en.wikipedia.org/wiki/Key_size
(3)http://www.eetimes.com/document.asp?doc_id=1279619

Notes on AES Electronic Code Book Mode (ECB)

The Key Schedule is made from the extended password.

The input plaintext is checked to ensure all characters are in the Asc ii set. Then it is padded to be an integral number of 16-byte blocks. The amount of padding necessary is noted as the first character of the ciphertext.

The plaintext is enciphered in 16-byte blocks with the Key Schedule to form the rest of the ciphertext, which is then Base64 encoded to produce the output.

Decipherment uses the same Key Schedule but the substitution, transposition and Matrix multiplication operations are reversed and are carried out in reverse order. 

A weakness of this mode is that repeats of plaintext between one block and another lead to repeats in the ciphertext.

Notes on AES in Counter Mode (CTR)

The Key Schedule is made from the password as in ECB mode.

An 8-byte nonce is made and combined with an 8-byte counter to provide a 16-byte block that is then enciphered with the Key Schedule to produce 16-bytes of random numbers. These are then xored with 16 bytes of plaintext to produce ciphertext.

The counter is set to zero for the first 16 bytes and then incremented for each successive block of 16 bytes. In this way a new set of 16 random numbers is created to xor each successive block of 16 bytes of plaintext.

The nonce is made for each message from a seed derived from the current microtime. The nonce is prepended to the ciphertext, to be used in decipherment.

The weakness mentioned above for the ECB method is absent in CTR mode and there is no need for padding of the plaintext.