4

What will be the default mode for AES encryption if we don't use any specific mode like ECB, CBC, OFB, CTR, etc. and just carry out the encryption without specifying any AES encryption mode?

kanudo
  • "No mode" is the same thing as ECB (electronic codebook) mode. – Mark Apr 04 '14 at 09:11
  • 1
    The default mode will depend on the specific software/library you are using. (E.g., Lucas Kauffman's answer found pycrypto defaults to ECB (bizarre choice), while [openssl](https://www.openssl.org/docs/apps/enc.html#SUPPORTED_CIPHERS) defaults to CBC for their block ciphers). It's best to always specify a mode and never use ECB. – dr jimbob Apr 05 '14 at 05:43
  • The new edit doesn't make it clearer, you're now omitting to which software this pertains. I realize that you mean for Python AES library, but that's now only visible via revision history. As is, I can't vote to reopen, please revise again. – TildalWave Apr 05 '14 at 08:23

1 Answer

2

The default mode will be MODE_ECB as detailed in the documentation. The different modes have already been described in this answer.

Lucas Kauffman
  • As asked in the question of the above answer, which mode should be used to secure data like CREDIT CARD DETAILS, etc.? – kanudo Apr 04 '14 at 10:12
  • @Kanudo: There is no "use mode X answer", otherwise there wouldn't be as many modes in the first place. Different modes ensure different things and are suitable in different situations. – Karol Babioch Apr 04 '14 at 14:16
  • It's worth specifying that while ECB is conceptually the simplest mode (just encrypt/decrypt every block independently), **ECB quite often leaks information and should never be used**. The fact that one library (pycrypto) defaults to ECB when nothing is specified is pretty meaningless. Most people these days default to (with a random nonce) CTR or CBC (granted, neither of these modes includes any sort of MAC scheme built in to authenticate that the data wasn't tampered with). CTR has the benefit of being parallelizable, but it is easier to secretly tamper with the ciphertext if you know parts of the plaintext. – dr jimbob Apr 05 '14 at 05:31
  • 1
    (Not to imply that you can't tamper CBC either; it's just that tampering any block except the first (where you tamper the IV) will mess up one other block of data.) For example, [the paper that introduces AES](http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf) doesn't mention block cipher modes, ECB, CBC, or CTR. It just talks about how AES works on one block. Or for example in [openssl](https://www.openssl.org/docs/apps/enc.html#SUPPORTED_CIPHERS) all their block ciphers default to CBC (e.g., `openssl enc aes-128` is an alias for `aes-128-cbc`). – dr jimbob Apr 05 '14 at 05:38
  • @drjimbob is it a good practice to use PBKDF2 (Password Based Key Derivation Function 2) with AES encryption - mode CBC for storing user account data in a database? – kanudo Apr 05 '14 at 06:31
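
The points made in the comments above (ECB leaks repeated blocks; CBC and CTR with a random IV/nonce hide them but carry no MAC) can be seen in this added example, which is not code from the original posts. It assumes a stand-in 16-byte Feistel block cipher built from HMAC-SHA256 in place of AES, since the mode behaviour does not depend on the cipher; all function names and the sample plaintext are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # same block size as AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, blk):
    # 4-round Feistel permutation on 16 bytes: a stand-in for AES, NOT AES.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # "No mode": each block is encrypted independently under the same key.
    return b"".join(enc_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for b in blocks(pt):
        out.append(enc_block(key, xor(b, out[-1])))  # chain on previous block
    return b"".join(out[1:])

def ctr_crypt(key, nonce, data):
    # 8-byte nonce || 8-byte counter; the same call encrypts and decrypts.
    ks = b"".join(enc_block(key, nonce + n.to_bytes(8, "big"))
                  for n in range(len(blocks(data))))
    return xor(data, ks)

def duplicate_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))

# Constructed sample: three 16-byte blocks, the first two identical.
PT = b"amount=000100.00" * 2 + b"currency=USD;end"

def demo():
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    ctr = ctr_crypt(key, nonce, PT)
    # No MAC: a corrupted CTR byte decrypts to one changed plaintext byte, no error.
    bad = ctr[:9] + bytes([ctr[9] ^ 0x01]) + ctr[10:]
    return (duplicate_blocks(ecb_encrypt(key, PT)),
            duplicate_blocks(cbc_encrypt(key, iv, PT)),
            duplicate_blocks(ctr), ctr_crypt(key, nonce, bad))

if __name__ == "__main__":
    print(demo())
```

The ECB ciphertext repeats a block wherever the plaintext does, while the CBC and CTR ciphertexts do not; the altered CTR ciphertext still decrypts cleanly, which is why an authenticated mode or a separate MAC is needed on top of either.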