Over a million developers have joined DZone.

When AES Encryption Isn't Very Good

DZone's Guide to

When AES Encryption Isn't Very Good

· DevOps Zone ·
Free Resource

The Nexus Suite is uniquely architected for a DevOps native world and creates value early in the development pipeline, provides precise contextual controls at every phase, and accelerates DevOps innovation with automation you can trust. Read how in this ebook.

We all know that encryption is complicated but most people think that because they are using AES, Blowfish, IDEA, or some other advanced encryption then the data is secure. Well it’s more complicated than that. Not only do you have to look at the key size like 128 bit, 256 bit, etc., but another really important piece is the mode that the encryption uses. ECB mode has some serious problems because it is poor at hiding data patterns. There are a lot of software packages that offer strong AES encryption but use EBC mode and therefore aren’t that strong.

A standard example of the problem with EBC mode is shown below:

Original Original Securely Encrypted
Original ECB Mode Encrypted Securely Encrypted

It is very obvious above that when the original photo is encrypted with ECB mode you have changed the data but the pattern is still there. This is a very obvious example with a picture but the problem exists for text also.

Make sure to check your software because many applications that you think securely scramble your data with AES strong encryption use EBC mode. So when looking at your tools that use encryption, make sure they use Cipher-Block Chaining mode (CBC mode) or some other proven mode. You can find more on the encryption modes here:

The DevOps Zone is brought to you in partnership with Sonatype Nexus.  See how the Nexus platform infuses precise open source component intelligence into the DevOps pipeline early, everywhere, and at scale. Read how in this ebook


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}